[Pkg-owncloud-maintainers] Bug#742041: sabredav 1.7.11 available
Miquel van Smoorenburg
miquels at debian.org
Tue Mar 18 15:25:48 UTC 2014
Package: php-sabre-dav
Version: 1.7.6+dfsg-2
Severity: minor
Since the last packaging of 1.7.x there have been quite a few
bugfix-releases, but recently a security-related release was done
(1.7.11), see below.
This doesn't really affect "testing" and "unstable", since jessie has
PHP 5.5 where this isn't an issue, but there is a wheezy-backport
where this probably is a security problem. So I've set the severity to
"minor" (not quite sure what to do here for backports).
Please update to the latest 1.7.x or 1.8.x - thanks.
Mike.
1.7.11
Evert Pot evert released this 20 days ago · 583 commits to master since
this release
This release fixes a security issue and an issue related to large files
in SabreDAV.
XEE issue
Previous SabreDAV versions had a security issue, if running on the
following PHP versions
PHP 5.3, older than 5.3.23
PHP 5.4, older than 5.4.13
PHP 5.5 is not affected by this.
You are strongly recommended to upgrade, as the security issue could
expose local files or easily trigger a DOS attack.
More information here:
http://websec.io/2012/08/27/Preventing-XEE-in-PHP.html