news 28 Posted July 28, 2016 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : cakephp Version : 1.3.15-1+deb7u1 Debian Bug : 832283 CakePHP, an open-source web application framework for PHP, was vulnerable to SSRF (Server Side Request Forgery) attacks. Remote attacker can utilize it for at least DoS (Denial of Service) attacks, if the target application accepts XML as an input. It is caused by insecure design of Cake's Xml class. For Debian 7 "Wheezy", these problems have been fixed in version 1.3.15-1+deb7u1. We recommend that you upgrade your cakephp packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXmnJvAAoJEPZk0la0aRp9BVYP/AwaEyVZleQ71EYHsjPafuoF 1d3FGeZTNkFR+D8bf7+mgmHHtRDHuTCV8Xg0hJS8duXrmVEMQoeNhq7bxaIjLkw6 0kPgtgOEGdUhZFq34C5vOOH0mef3nJcnrlkk2uEGyvrj73jqR557UUGG547msU9F dosYhFcslE79RtXFPj7IMURhKIXzNveWy36I0MUPqqRK6nbiCjEEUGkU2JlzJn0X g+xOlpZB+fsqgLb33Qncn+/ghFx6jL0Rd25fLUvsd7FNf0zFbIlV2ZFzOsUYDDuq HqYB1mXeSr3LveENVPHT3QdYhSCO6A+WEuI0fikoHOuHxvFtL0UehyclaKYWYl6h rRQqgoS7Bb81g1Xw8+/7US8kreIH5oJQ+Ql8l1kGseRoGwriPr+rKPUyWx41/1xe 8XaLmoxfTYIwy76Kt2xy7SMgT8o1UGfk3WG53n6j/wpHnaFwd6CnyfJQmuFig4Z4 M9l3l71UR/NPWvNxf8Im7Bxi5NosrED+2viCaWVenckIDmEaXifindZwcTXwCwug uplbTYaurjGKdjIV+L9cglw+96j+CEiWDzUnOAKY53RT18aHHqhLmApTP/Af6k7j 11WiOW1Alv4qDALWhvHzAbnQDl6+jjXW8/2KtZy5v7DxTH2P0LiwqE/cevEvizVg uGAaQ1KjPW3CfYRn80re =7bDr -----END PGP SIGNATURE----- Share this post Link to post
