ocsinventory-server (2.5+dfsg1-1+deb10u1) buster-security; urgency=medium
    
  If you are using CAS for authentification to ocsinventory-reports:
  
  To mitigate CVE-2022-39369, a vulnerablity in php-cas, the library used to
  implement the CAS protocol, had to introduce an API breaking change and now
  requires the baseURL of to-be-authenticated service to be configured. 
  
  For ocsinventory-reports, this is configured with the variable
  $cas_service_base_url in
  /usr/share/ocsinventory-reports/backend/require/cas.config.php
 
 -- Tobias Frost <tobi@debian.org>  Thu, 06 Jul 2023 17:45:26 +0200
