CVE-2014-4172

Name: CVE-2014-4172
Description: php-cas unencoded tickets
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-3017-1
Debian Bugs: 759718, 775842

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| php-cas (PTS) | wheezy, wheezy (security) | 1.3.1-4+deb7u1 | fixed |
| php-cas | jessie | 1.3.3-1 | fixed |
| php-cas | buster, stretch, sid | 1.3.3-4 | fixed |

The information below is based on the following data on fixed versions.

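| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| moodle | source | (unstable) | 2.7.2-1 | | | 775842 |
| moodle | source | squeeze | (unfixed) | end-of-life | | |
| php-cas | source | (unstable) | 1.3.3-1 | | | 759718 |
| php-cas | source | wheezy | 1.3.1-4+deb7u1 | | DSA-3017-1 | |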

Notes

https://github.com/Jasig/phpCAS/pull/125
[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
