[Secure-testing-commits] r53515 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Sat Jul 15 19:30:25 UTC 2017
Author: carnil
Date: 2017-07-15 19:30:25 +0000 (Sat, 15 Jul 2017)
New Revision: 53515
Modified:
data/CVE/list
Log:
Mark CVE-2017-1000071 as no-dsa
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-07-15 19:30:14 UTC (rev 53514)
+++ data/CVE/list 2017-07-15 19:30:25 UTC (rev 53515)
@@ -483,6 +483,8 @@
NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...)
- php-cas <unfixed>
+ [stretch] - php-cas <no-dsa> (Minor issue)
+ [jessie] - php-cas <no-dsa> (Minor issue)
[wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS server)
NOTE: https://github.com/Jasig/phpCAS/issues/228
NOTE: The vulnerability only exists when the server is affected by
More information about the Secure-testing-commits
mailing list