[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: php-sabredav security fix



Hi David, hi bpo-ftpmasters,

VETO (, please)!

On  Di 22 Jul 2014 19:04:47 CEST, David Prévot wrote:

Hi,

Le 22/05/2014 14:58, Gunnar Wolf a écrit :
David Prévot dijo [Wed, May 21, 2014 at 06:57:06AM -0400]:


The php-sabredav package currently available in wheezy-backports is
vulnerable to some security issues, can you please upload a more recent
version?

This new version adds a dependency on php-symfony-classloader, which
does not exist in Backports. If somebody is willing to provide such
dependency, building+updating the package is trivial.

php-symfony-classloader is a trivial package, only needed to run the
test suite.

Otherwise, maybe the best answer would be to remove it from Backports.

Since nobody stepped up in the last two months to fix this security
issue, can someone please take care of the removal of php-sabredav and
its dependencies? (That means owncloud too, but since the backports
package is also outdated, and the latest one also fixes a security
issue, you’ll kill two birds in one stone.)

I will take care of all mentioned packages after my VAC (first week of August).

Thanks+Greets,
Mike
--

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgp4V0CvE8uQj.pgp
Description: Digitale PGP-Signatur


Reply to: