Mangelnde Prüfung von Zertifikaten in php-pear-CAS
ID: | FEDORA-2012-21122 |
Distribution: | Fedora |
Plattformen: | Fedora 16 |
Datum: | Mi, 9. Januar 2013, 11:20 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5583 |
Applikationen: | phpCAS |
Originalnachricht |
|
Name : php-pear-CAS Product : Fedora 16 Version : 1.3.2 Release : 1.fc16 URL : https://wiki.jasig.org/display/CASC/phpCAS Summary : Central Authentication Service client library in php Description : This package is a PEAR library for using a Central Authentication Service. -------------------------------------------------------------------------------- Update Information: Changes in version 1.3.2 Security Fixes: * CVE-2012-5583 Missing CN validation of CAS server certificate [#58] (Joachim Fritschi) Bug Fixes: * Fix broken character encoding in Greek and French [#40] (Joachim Fritschi) * Minor error corrections in a few example files [] (Joachim Fritschi) * Remove erroneous break statement [#44] (jbittel) * Use X-Forwarded-Port [#45] (Andrew Kirkpatrick) * Stop autoloader using set_include_path [#51/#52] (drysdaleb) * Fix undefined property in the rebroadcast code [#47] (Joachim Fritschi) Improvement: * Enable getCookies on a proxied sevices [#56] (Adam Franco) Changes in version 1.3.1 Bug Fixes: * Readd PEAR support to the package [#30] (Joachim Fritschi) * fix a __autoload conflicts in the autoloader [#36] (Joachim Fritschi) * fix PEAR code style errors [25] (Joachim Fritschi) * properly unset variables during checkAuthenticate[#35] (Joachim Fritschi) -------------------------------------------------------------------------------- ChangeLog: * Sat Dec 29 2012 Remi Collet |