Package        : cakephp
Version        : 1.3.15-1+deb7u2
CVE ID         : CVE-2016-4793

Dawid Golunski from legalhackers.com discovered that cakephp, an application development framework for PHP, contains a vulnerability that allows attackers to spoof the source IP address. This would allow them to bypass access control lists, or to inject malicious data which, if treated as sanitized by an unaware CakePHP-based application, can lead to other vulnerabilities such as SQL injection, XSS or command injection.

For Debian 7 "Wheezy", these problems have been fixed in version 1.3.15-1+deb7u2.

We recommend that you upgrade your cakephp packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
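
The class of flaw described above, shown as an added example that is not code from CakePHP or from the Debian patch: an address taken from client-controlled request data beside a hardened resolver that an application can use for access control. The X-Forwarded-For header, the function names and the sample addresses are assumptions; the advisory does not say which input was trusted.

```php
<?php
// Added example with hypothetical helper names; runs on PHP 5.4 and later.

// Weak pattern: prefers a request header, which the client fully controls.
function naiveClientIp(array $server)
{
    if (!empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $server['HTTP_X_FORWARDED_FOR'];
    }
    return isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
}

// Hardened pattern: start from the TCP peer address, honour the forwarded
// header only when that peer is a known reverse proxy, and accept the result
// only if it parses as an IP literal (so it is never an arbitrary string).
function trustedClientIp(array $server, array $trustedProxies = array())
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (filter_var($peer, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (!in_array($peer, $trustedProxies, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $peer;
    }
    // The right-most hop is the one appended by our own proxy.
    $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    $candidate = end($hops);
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : null;
}

// Access-control check that fails closed when no address could be resolved.
function isAllowed($ip, array $allowList)
{
    return is_string($ip) && in_array($ip, $allowList, true);
}

// Constructed sample request: the peer is an external documentation address,
// while the header claims to come from the allow-listed loopback address.
$request = array(
    'REMOTE_ADDR'          => '203.0.113.50',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
);
$allowList = array('127.0.0.1');

var_dump(isAllowed(naiveClientIp($request), $allowList));   // decision from the header
var_dump(isAllowed(trustedClientIp($request), $allowList)); // decision from the peer
```

Applications that log or store the resolved address should use the validated value as well, since the weak resolver returns whatever string the client sent.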
