Bug 646659 (CVE-2010-3690, CVE-2010-3691, CVE-2010-3692)
Summary: | CVE-2010-3690 CVE-2010-3691 CVE-2010-3692 phpCAS: multiple vulnerabilities fixes in 1.1.3 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | fedora, gwync |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-08 18:40:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 620759 | ||
Bug Blocks: |
Description
Vincent Danen
2010-10-25 21:07:19 UTC
Created glpi tracking bugs for this issue Affects: fedora-all [bug 620759] Created moodle tracking bugs for this issue Affects: fedora-all [bug 646661] I don't think this affects moodle in Fedora currently, since as of 1.9.9-2, we use system phpCAS. (In reply to comment #5) > I don't think this affects moodle in Fedora currently, since as of 1.9.9-2, we > use system phpCAS. You're right, I see that in the spec now. I'll fix the tracking bug then. Thank you. For reference: #use system php-pear-CAS rm -rf $RPM_BUILD_ROOT/var/www/moodle/web/auth/cas ln -s /usr/share/pear/ $RPM_BUILD_ROOT/var/www/moodle/web/auth/cas ... * Thu Aug 19 2010 Jon Ciesla <limb> - 1.9.9-2 - Switch to system php-pear-CAS, BZ 577467, 620772. GLPI also use, for a while, system phpCAS (php-pear-CAS-1.1.3 is available in the repositories).
Except in EPEL-4, but I think I'm going to remove this oudated version (not maintained, and which can't be updated because of php 5 dep.)
From spec:
> # Use system lib
> rm -rf lib/phpcas
(In reply to comment #7) > GLPI also use, for a while, system phpCAS (php-pear-CAS-1.1.3 is available in > the repositories). > > Except in EPEL-4, but I think I'm going to remove this oudated version (not > maintained, and which can't be updated because of php 5 dep.) And Fedora 12. This change was made in Fedora 13. 0.72.4-2.svn11035.fc12 still has an embedded phpCAS. In fact, the last changelog entry on that one: * Mon Mar 22 2010 Remi Collet <> - 0.72.4-2.svn11035 - update embedded phpCAS to 1.1.0RC7 (security fix - #575906) I must apologize... I was thinking I have push this update in all branch :( glpi-0.72.4-3.svn11497 is now in f12 and f13 (updates pending) glpi-0.71 have been retired from el4 (ticket pending) Fantastic. Thank you, Remi. |