
[SECURITY] [DLA 333-1] cakephp security update



Package        : cakephp
Version        : 1.3.2-1.1+deb6u11

CakePHP, an open-source web application framework for PHP, was
vulnerable to SSRF (Server Side Request Forgery) attacks. A remote
attacker can use it for at least DoS (Denial of Service) attacks if the
target application accepts XML as input. It is caused by the insecure
design of Cake's Xml class.

For Debian 6 Squeeze, this issue has been fixed in cakephp version
1.3.2-1.1+deb6u11.


Regards,

- - --
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
