Candidate: CVE-2013-4701
PublicDate: 2013-08-21 16:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4701
 https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
 http://jvndb.jvn.jp/jvndb/JVNDB-2013-000080
 http://jvn.jp/en/jp/JVN24713981/index.html
Description:
 Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote
 attackers to read arbitrary files, send HTTP requests to intranet servers,
 or cause a denial of service (CPU and memory consumption) via XRDS data
 containing an external entity declaration in conjunction with an entity
 reference, related to an XML External Entity (XXE) issue.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Kousuke Ebihara
Assigned-to:
CVSS:

Patches_php-openid:
 upstream: https://github.com/openid/php-openid/commit/625c16bb28bb120d262b3f19f89c2c06cb9b0da9
upstream_php-openid: released (2.2.2-1.2)
lucid_php-openid: ignored (reached end-of-life)
precise_php-openid: ignored (reached end-of-life)
precise/esm_php-openid: DNE (precise was needed)
quantal_php-openid: ignored (reached end-of-life)
raring_php-openid: ignored (reached end-of-life)
saucy_php-openid: ignored (reached end-of-life)
trusty_php-openid: not-affected (2.2.2-1.2)
trusty/esm_php-openid: DNE (trusty was not-affected [2.2.2-1.2])
utopic_php-openid: ignored (reached end-of-life)
vivid_php-openid: ignored (reached end-of-life)
vivid/stable-phone-overlay_php-openid: DNE
vivid/ubuntu-core_php-openid: DNE
wily_php-openid: ignored (reached end-of-life)
xenial_php-openid: not-affected (2.2.2-1.2)
yakkety_php-openid: not-affected (2.2.2-1.2)
zesty_php-openid: DNE
devel_php-openid: DNE