[SECURITY] [DLA 403-1] radicale security update
Package        : radicale
Version        : 0.3-2+deb6u1
CVE ID         : CVE-2015-8747 CVE-2015-8748
Debian Bug     : 809920

Several issues have been discovered by Unrud in Radicale, a calendar
and addressbook server. A remote attacker could exploit these
vulnerabilities and call arbitrary functions by sending crafted HTTP
requests.

CVE-2015-8748

    Prevent regex injection in rights management.
    Prevent crafted HTTP request from calling arbitrary functions.

CVE-2015-8747

    The multifilesystem backend allows access to arbitrary files
    on all platforms. (Squeeze is not affected because the
    multifilesystem backend does not exist in this version.)

For Debian 6 "Squeeze", these problems have been fixed in version
0.3-2+deb6u1.

We recommend that you upgrade your radicale packages.
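
The regex injection fixed under CVE-2015-8748, shown as an added Python example that is not part of the advisory and is not Radicale's code: a simplified rights check that builds a regular expression from the login name, once without and once with escaping. The rule template, function names and sample logins and paths are assumptions constructed for illustration.

```python
import re

# Constructed rights rule (assumption): each user may access only collections
# under their own name. "{login}" is replaced by the authenticated user name.
OWNER_ONLY_RULE = r"^{login}/.+$"


def allowed_unescaped(login, collection_path, rule=OWNER_ONLY_RULE):
    """Flawed check: the login is pasted into the regex as-is, so regex
    metacharacters in the login become part of the access rule."""
    return re.match(rule.format(login=login), collection_path) is not None


def allowed_escaped(login, collection_path, rule=OWNER_ONLY_RULE):
    """Hardened check: re.escape() makes the login match only literally."""
    pattern = rule.format(login=re.escape(login))
    return re.match(pattern, collection_path) is not None


def audit_logins(logins):
    """Defensive helper: return the logins whose escaped form differs from the
    raw value, i.e. logins that would alter a rule built without escaping."""
    return [name for name in logins if re.escape(name) != name]


if __name__ == "__main__":
    # Constructed sample data: (login, requested collection path).
    cases = [
        ("alice", "alice/calendar.ics"),
        ("alice", "bob/calendar.ics"),
        (".*", "bob/calendar.ics"),
        ("a.ice", "alice/calendar.ics"),
    ]
    for login, path in cases:
        print(f"{login!r:8} {path!r:22} "
              f"unescaped={allowed_unescaped(login, path)} "
              f"escaped={allowed_escaped(login, path)}")
    print("logins that need escaping:", audit_logins(["alice", ".*", "a.ice"]))
```
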