Package: php-cas / 1.3.8-1+deb11u1

Metadata

Package Version Patches format
php-cas 1.3.8-1+deb11u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
CVE 2022 39369.patch | (download)

source/CAS.php | 24 20 + 4 - 0 !
source/CAS/Client.php | 112 58 + 54 - 0 !
source/CAS/ServiceBaseUrl/AllowedListDiscovery.php | 152 152 + 0 - 0 !
source/CAS/ServiceBaseUrl/Base.php | 98 98 + 0 - 0 !
source/CAS/ServiceBaseUrl/Interface.php | 61 61 + 0 - 0 !
source/CAS/ServiceBaseUrl/Static.php | 69 69 + 0 - 0 !
test/CAS/Tests/ServiceBaseUrlTest.php | 244 244 + 0 - 0 !
7 files changed, 702 insertions(+), 58 deletions(-)

 [patch] merge pull request from ghsa-8q72-6qq8-xv64

* Add ServerName classes and required service_name constructor argument

This includes a refactoring of moving Client->_getClientUrl() method to a new class.

Unit tests are also added and updated for the new constructor argument.

* Add service_name argument to the static helper class and examples

* Update docs for 1.6.0 release

* Update versions for the 1.6.0 release

* Rename ServerName class to ServiceBaseUrl and add protocol in allowedlist check

* Update docs for the ServiceBaseUrl class and argument change

* Minor typo fixes