Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4701 to the following vulnerability: Name: CVE-2013-4701 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701 Assigned: 20130626 Reference: https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9 Reference: JVN:JVN#24713981 Reference: http://jvn.jp/en/jp/JVN24713981/index.html Reference: JVNDB:JVNDB-2013-000080 Reference: http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080 Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Created php-pear-Auth-OpenID tracking bugs for this issue: Affects: fedora-all [bug 999688]
php-pear-Auth-OpenID-2.2.2-7.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
php-pear-Auth-OpenID-2.2.2-7.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
php-pear-Auth-OpenID-2.2.2-7.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.