php-cas needs to urlencode all tickets (CVE-2014-4172)

Related Vulnerabilities: CVE-2014-4172  

Debian Bug report logs - #759718

Package: php-cas; Maintainer for php-cas is Xavier Guimard <yadd@debian.org>; Source for php-cas is src:php-cas.

Reported by: "Thijs Kinkhorst" <thijs@debian.org>

Date: Fri, 29 Aug 2014 18:00:02 UTC

Severity: serious

Tags: fixed-upstream, security

Fixed in versions php-cas/1.3.1-4+deb7u1, php-cas/1.3.3-1

Done: Olivier Berger <olivier.berger@it-sudparis.eu>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/Jasig/phpCAS/pull/125



Report forwarded to debian-bugs-dist@lists.debian.org, Olivier Berger <obergix@debian.org>:
Bug#759718; Package php-cas. (Fri, 29 Aug 2014 18:00:06 GMT).


Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Olivier Berger <obergix@debian.org>. (Fri, 29 Aug 2014 18:00:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: "Thijs Kinkhorst" <thijs@debian.org>
To: submit@bugs.debian.org
Subject: php-cas needs to urlencode all tickets (CVE-2014-4172)
Date: Fri, 29 Aug 2014 19:57:27 +0200
Package: php-cas
Severity: serious
Tags: fixed-upstream

Hi Olivier,

php-cas 1.3.3 fixes security issue CVE-2014-4172: urlencode all tickets.
Can you please upgrade php-cas in Debian to this version?


thanks,
Thijs



Added tag(s) security. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org. (Sat, 30 Aug 2014 07:21:04 GMT).


Reply sent to Thijs Kinkhorst <thijs@debian.org>:
You have taken responsibility. (Wed, 03 Sep 2014 10:18:14 GMT).


Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Wed, 03 Sep 2014 10:18:14 GMT).


Message #12 received at 759718-close@bugs.debian.org:

From: Thijs Kinkhorst <thijs@debian.org>
To: 759718-close@bugs.debian.org
Subject: Bug#759718: fixed in php-cas 1.3.1-4+deb7u1
Date: Wed, 03 Sep 2014 10:17:05 +0000
Source: php-cas
Source-Version: 1.3.1-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
php-cas, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 759718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated php-cas package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 01 Sep 2014 17:42:49 +0200
Source: php-cas
Binary: php-cas
Architecture: source all
Version: 1.3.1-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Olivier Berger <obergix@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 php-cas    - ${phppear:summary}
Closes: 759718
Changes: 
 php-cas (1.3.1-4+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the security team.
   * Fix CVE-2014-4172: urlencode all tickets (closes: #759718).




Set Bug forwarded-to-address to 'https://github.com/Jasig/phpCAS/pull/125'. Request was from Olivier Berger <obergix@debian.org> to control@bugs.debian.org. (Wed, 03 Sep 2014 11:27:07 GMT).


Reply sent to Olivier Berger <olivier.berger@it-sudparis.eu>:
You have taken responsibility. (Thu, 04 Sep 2014 05:06:14 GMT).


Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Thu, 04 Sep 2014 05:06:14 GMT).


Message #19 received at 759718-close@bugs.debian.org:

From: Olivier Berger <olivier.berger@it-sudparis.eu>
To: 759718-close@bugs.debian.org
Subject: Bug#759718: fixed in php-cas 1.3.3-1
Date: Thu, 04 Sep 2014 05:03:56 +0000
Source: php-cas
Source-Version: 1.3.3-1

We believe that the bug you reported is fixed in the latest version of
php-cas, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 759718@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Olivier Berger <olivier.berger@it-sudparis.eu> (supplier of updated php-cas package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 03 Sep 2014 13:37:14 +0200
Source: php-cas
Binary: php-cas
Architecture: source all
Version: 1.3.3-1
Distribution: unstable
Urgency: medium
Maintainer: Olivier Berger <obergix@debian.org>
Changed-By: Olivier Berger <olivier.berger@it-sudparis.eu>
Description:
 php-cas    - ${phppear:summary}
Closes: 759716 759718
Changes:
 php-cas (1.3.3-1) unstable; urgency=medium
 .
   * New upstream version (Closes:  #759718 (CVE-2014-4172)).
   * Drop unneeded dependency on php-db (Closes: #759716).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 19 Oct 2014 07:27:08 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:43:36 2019; Machine Name: buxtehude
