
wheezy update of cakephp? (was: Re: squeeze update of cakephp?)



Hi Dmitry,

2016-01-25 0:24 GMT+01:00 Dmitry Smirnov <onlyjob@debian.org>:
> On Sat, 23 Jan 2016 07:37:02 PM Thorsten Alteholz wrote:
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Squeeze version of cakephp:
>> https://security-tracker.debian.org/tracker/CVE-2015-8379
>>
>> Would you like to take care of this yourself?
>> [...]
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>
> Hi Thorsten,
>
> I won't be able to update (or test) CakePHP in Squeeze. Sorry. Please feel
> free to do whatever is necessary to update CakePHP in Squeeze. Thanks.

LTS support for Squeeze ended but now Wheezy is receiving updates
from the LTS team.

I have prepared an update for Wheezy's cakephp package fixing
TEMP-0000000-698CF7, please see the diff attached.
The fix could also be applied to Jessie's version.

I don't provide a fix for CVE-2015-8379 because Wheezy's (and Jessie's)
version is very different from 3.2.0, the version in which upstream released a
partial fix, and back-porting all the code seems to be too risky.

I have also opened #832283 for tracking the security issues in Sid and Stretch.

If there is no objection, I plan to upload the fixed package to wheezy-security
next week and issue a DLA.

Cheers,
Balint

PS: The packages are available for testing from:
https://people.debian.org/~rbalint/ppa/wheezy-lts/wheezy-security/

Attachment: cakephp_1.3.15-1+deb7u1.debdiff
Description: Binary data

