[Secure-testing-commits] r43582 - in data: . DLA
Balint Reczey
rbalint at moszumanska.debian.org
Thu Jul 28 20:59:52 UTC 2016
Author: rbalint
Date: 2016-07-28 20:59:52 +0000 (Thu, 28 Jul 2016)
New Revision: 43582
Modified:
data/DLA/list
data/dla-needed.txt
Log:
Reserve DLA-566-1 for cakephp
Modified: data/DLA/list
===================================================================
--- data/DLA/list 2016-07-28 20:57:02 UTC (rev 43581)
+++ data/DLA/list 2016-07-28 20:59:52 UTC (rev 43582)
@@ -1,3 +1,5 @@
+[28 Jul 2016] DLA-566-1 cakephp - security update
+ [wheezy] - cakephp 1.3.15-1+deb7u1
[28 Jul 2016] DLA-565-1 perl - security update
{CVE-2016-1238 CVE-2016-6185}
[wheezy] - perl 5.14.2-21+deb7u4
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-07-28 20:57:02 UTC (rev 43581)
+++ data/dla-needed.txt 2016-07-28 20:59:52 UTC (rev 43582)
@@ -11,13 +11,6 @@
--
asterisk (Thorsten Alteholz)
--
-cakephp (Balint Reczey)
- NOTE: CVE-2015-8379 No official solution is currently available, 20160425
- NOTE: CVE-2015-8379 20160723 Official soution is tightening CSRF token validations in commit 3.1.6-163-ge0f42ab
- NOTE: and updating documentation: http://book.cakephp.org/3.0/en/controllers/components/csrf.html
- NOTE: Wheezy's version is very different from 3.2.0 in which release the issue has been partially fixed.
- NOTE: TEMP-0000000-698CF7 20160723 forward ported Squeeze's fix to Wheezy
---
collectd (Sebastian Harl)
NOTE: Lucas Kanashiro looked into this previously and handed over to the
NOTE: maintainer.
More information about the Secure-testing-commits
mailing list