Author: geissert Date: 2010-08-28 21:46:05 +0000 (Sat, 28 Aug 2010) New Revision: 15229 Modified: data/CVE/list Log: we do ship phpCAS Modified: data/CVE/list ==================================================================--- data/CVE/list 2010-08-28 21:14:46 UTC (rev 15228) +++ data/CVE/list 2010-08-28 21:46:05 UTC (rev 15229) @@ -908,9 +908,15 @@ CVE-2010-2797 RESERVED CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...) - NOT-FOR-US: phpCAS + - libphp-cas <itp> (bug #495542) + - glpi <unfixed> + - moodle <unfixed> + TODO: check embedders CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...) - NOT-FOR-US: phpCAS + - libphp-cas <itp> (bug #495542) + - glpi <unfixed> + - moodle <unfixed> + TODO: check embedders CVE-2010-2794 RESERVED CVE-2010-2793 @@ -4021,7 +4027,10 @@ CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...) - moodle 1.9.8-1 (low; bug #585425) CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...) + - libphp-cas <itp> (bug #495542) - moodle 1.9.8-1 (low; bug #574757) + - glpi <unfixed> + TODO: check glpi CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...) - moodle 1.9.8-1 (unimportant; bug #585427) NOTE: i have a hard time seeing the security impact, moodle is a course management @@ -5820,6 +5829,7 @@ - alien-arena 7.33-5 (low; bug #575621) [lenny] - alien-arena 7.0-1+lenny2 CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52] + - libphp-cas <itp> (bug #495542) - glpi 0.72.4-2 (bug #574760; unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
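Review bot: in the @@ -908,9 +908,15 @@ hunk, the `- glpi <unfixed>` and `- moodle <unfixed>` lines under CVE-2010-2796 and CVE-2010-2795 assert an affected status while the accompanying `TODO: check embedders` says this has not been verified yet, and neither line carries a bug number. Suggest confirming which phpCAS version each package embeds before marking it <unfixed>, or filing the bugs and adding the references so the entries can be tracked to closure. Since libphp-cas is only an <itp> (bug #495542), a NOTE on each entry stating that the exposure comes from the embedded copies would make the reason for dropping NOT-FOR-US explicit.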
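Review bot: in the @@ -4021,7 +4027,10 @@ hunk, `- glpi <unfixed>` is added to CVE-2010-1618 together with `TODO: check glpi`, so the status is unverified and has no bug reference. The CVE-2010-XXXX entry further down already records `glpi 0.72.4-2 (bug #574760; unimportant)` for a phpCAS XSS; please check whether that upload also covers CVE-2010-1618 and, if it does, record the fixed version here instead of <unfixed>.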
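Review bot: in the @@ -5820,6 +5829,7 @@ hunk, the CVE-2010-XXXX entry gains libphp-cas but not moodle, although moodle is listed as a phpCAS embedder in the three other entries this commit touches. Either add a moodle line or a NOTE explaining why it is not affected. It is also worth checking whether this placeholder (phpCAS XSS, glpi bug #574760) is the same issue as CVE-2010-1618 (phpCAS client library XSS, moodle bug #574757); if so, the two entries should be merged under the assigned id.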