Package: radicale
Version: 1.0.1-2
Severity: critical
Upstream of radicale has released a version 1.1 of radicale fixing
several security issues.
See http://radicale.org/news/
"Many improvements in this release are related to security, you should
upgrade Radicale as soon as possible:"
Improve the regex used for well-known URIs (by Unrud)
Prevent regex injection in rights management (by Unrud)
Prevent crafted HTTP request from calling arbitrary functions (by Unrud)
Improve URI sanitation and conversion to filesystem path (by Unrud)
Decouple the daemon from its parent environment (by Unrud)
