[OpenID] Apply fixes to PHP OpenID Library
Nat Sakimura
sakimura at gmail.com
Sat Aug 24 13:51:40 UTC 2013
PHP OpenID Library had a security problem with regard to external XML
entity. It allows attacker to read server information and may cause the
excessive resource consumption on the server.
This vulnerability is reported as
CVE-2013-4701<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701>
The patch has been provided by Kousuke Ebihara and was applied to the
github repository by Will Norris.
If you are using PHP OpenID Library, please download the latest version and
use it.
https://github.com/openid/php-openid/commits/master
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20130824/1f01dd61/attachment.html>
More information about the general
mailing list