Changelog

cakephp (1.3.15-1+deb7u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

cakephp (1.3.15-1+deb7u2) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2016-4793:
    The getClientIP function allowed remote attackers to spoof their IP
    address. This vulnerability could be used to bypass access control lists
    to get access to sensitive data, or lead to higher severity vulnerabilities
    if untrusted data returned by getClientIP() is treated as safe and used
    without appropriate sanitization within SQL queries, system command calls
    etc.

cakephp (1.3.15-1+deb7u1) wheezy-security; urgency=medium

  * Address SSRF (Server Side Request Forgery) attack by
    ensuring included files are "regular" (eg. `./foo.xml`) rather than merely
    existing (eg. `/dev/urandom`, etc.). (Closes: #832283)

 -- Tyler Hicks <email address hidden>  Wed, 15 Mar 2017 20:37:24 +0000
