[Secure-testing-commits] r43406 - data
Balint Reczey
rbalint at moszumanska.debian.org
Sat Jul 23 19:25:46 UTC 2016
Author: rbalint
Date: 2016-07-23 19:25:46 +0000 (Sat, 23 Jul 2016)
New Revision: 43406
Modified:
data/dla-needed.txt
Log:
Add notes to cakephp
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-07-23 17:27:25 UTC (rev 43405)
+++ data/dla-needed.txt 2016-07-23 19:25:46 UTC (rev 43406)
@@ -17,6 +17,10 @@
--
cakephp (Balint Reczey)
NOTE: CVE-2015-8379 No official solution is currently available, 20160425
+ NOTE: CVE-2015-8379 20160723 Official soution is tightening CSRF token validations in commit 3.1.6-163-ge0f42ab
+ NOTE: and updating documentation: http://book.cakephp.org/3.0/en/controllers/components/csrf.html
+ NOTE: Wheezy's version is very different from 3.2.0 in which release the issue has been partially fixed.
+ NOTE: TEMP-0000000-698CF7 20160723 forward ported Squeeze's fix to Wheezy
--
dietlibc (Chris Lamb)
NOTE: Waiting for builds to complete to schedule NMUs and sourceful uploads, then then issuing 557-1.
More information about the Secure-testing-commits
mailing list