Package: cakephp / 1.3.2-1.1+deb6u11

Metadata

Package: cakephp
Version: 1.3.2-1.1+deb6u11
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
01 remove shebang.diff

cake/console/cake.php | 1 0 + 1 - 0 !
1 file changed, 1 deletion(-)

---
02 cake binary libs.diff

cake/console/cake | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
03 CVE 2010 4335.diff

cake/libs/controller/components/security.php | 7 6 + 1 - 0 !
cake/tests/cases/libs/controller/components/security.test.php | 24 24 + 0 - 0 !
2 files changed, 30 insertions(+), 1 deletion(-)

 protect against an unsafe serialise CVE-2010-4335

debian changes 1.3.2 1.1+deb6u11

cake/libs/xml.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 upstream changes introduced in version 1.3.2-1.1+deb6u11
 This patch has been created by dpkg-source during the package build.
 Here's the last changelog entry, hopefully it gives details on why
 those changes were made:
 .
 cakephp (1.3.2-1.1+deb6u11) squeeze-lts; urgency=high
 .
   * [TEMP-0000000-698CF7] Address SSRF (Server Side Request Forgery) attack by
     ensuring included files are "regular" (eg. `./foo.xml`) rather than merely
     existing (eg. `/dev/urandom`, etc.).
 .
 The person named in the Author field signed this changelog entry.