Package        : cakephp
Version        : 1.3.2-1.1+deb6u11

CakePHP, an open-source web application framework for PHP, was
vulnerable to SSRF (Server-Side Request Forgery) attacks. A remote
attacker can use it for at least DoS (Denial of Service) attacks if
the target application accepts XML as input. The issue is caused by
the insecure design of Cake's Xml class.

For Debian 6 Squeeze, this issue has been fixed in cakephp version
1.3.2-1.1+deb6u11.

Regards,

--
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      la...@debian.org / chris-lamb.co.uk
       `-