Package: php-cas | Debian Sources

Package: php-cas / 1.3.8-1+deb11u1

Metadata

Package	Version	Patches format
php-cas	1.3.8-1+deb11u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2022 39369.patch \| (download)	source/CAS.php \| 24 20 + 4 - 0 ! source/CAS/Client.php \| 112 58 + 54 - 0 ! source/CAS/ServiceBaseUrl/AllowedListDiscovery.php \| 152 152 + 0 - 0 ! source/CAS/ServiceBaseUrl/Base.php \| 98 98 + 0 - 0 ! source/CAS/ServiceBaseUrl/Interface.php \| 61 61 + 0 - 0 ! source/CAS/ServiceBaseUrl/Static.php \| 69 69 + 0 - 0 ! test/CAS/Tests/ServiceBaseUrlTest.php \| 244 244 + 0 - 0 ! 7 files changed, 702 insertions(+), 58 deletions(-)	[patch] merge pull request from ghsa-8q72-6qq8-xv64 * Add ServerName classes and required service_name constructor argument This includes a refactoring of moving Client->_getClientUrl() method to a new class. Unit tests are also added and updated for the new constructor argument. * Add service_name argument to the static helper class and examples * Update docs for 1.6.0 release * Update versions for the 1.6.0 release * Rename ServerName class to ServiceBaseUrl and add protocol in allowedlist check * Update docs for the ServiceBaseUrl class and argument change * Minor typo fixes

Patch

File delta

Description

CVE 2022 39369.patch | (download)

source/CAS.php | 24 20 + 4 - 0 !
source/CAS/Client.php | 112 58 + 54 - 0 !
source/CAS/ServiceBaseUrl/AllowedListDiscovery.php | 152 152 + 0 - 0 !
source/CAS/ServiceBaseUrl/Base.php | 98 98 + 0 - 0 !
source/CAS/ServiceBaseUrl/Interface.php | 61 61 + 0 - 0 !
source/CAS/ServiceBaseUrl/Static.php | 69 69 + 0 - 0 !
test/CAS/Tests/ServiceBaseUrlTest.php | 244 244 + 0 - 0 !
7 files changed, 702 insertions(+), 58 deletions(-)

 [patch] merge pull request from ghsa-8q72-6qq8-xv64

* Add ServerName classes and required service_name constructor argument

This includes a refactoring of moving Client->_getClientUrl() method to a new class.

Unit tests are also added and updated for the new constructor argument.

* Add service_name argument to the static helper class and examples

* Update docs for 1.6.0 release

* Update versions for the 1.6.0 release

* Rename ServerName class to ServiceBaseUrl and add protocol in allowedlist check

* Update docs for the ServiceBaseUrl class and argument change

* Minor typo fixes