Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in php-sabre-dav
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in php-sabre-dav
ID: FEDORA-2014-3401
Distribution: Fedora
Plattformen: Fedora 20
Datum: Mi, 12. März 2014, 16:54
Referenzen: Keine Angabe
Applikationen: SabreDAV

Originalnachricht

Name        : php-sabre-dav
Product : Fedora 20
Version : 1.8.9
Release : 1.fc20
URL : https://github.com/fruux/sabre-dav
Summary : WebDAV Framework for PHP
Description :
What is SabreDAV

SabreDAV allows you to easily add WebDAV support to a PHP application.
SabreDAV is meant to cover the entire standard, and attempts to allow
integration using an easy to understand API.

Feature list:
* Fully WebDAV compliant
* Supports Windows XP, Windows Vista, Mac OS/X, DavFSv2, Cadaver, Netdrive,
Open Office, and probably more.
* Passing all Litmus tests.
* Supporting class 1, 2 and 3 Webdav servers.
* Locking support.
* Custom property support.
* CalDAV (tested with Evolution, iCal, iPhone and Lightning).
* CardDAV (tested with OS/X addressbook, the iOS addressbook and Evolution).
* Over 97% unittest code coverage.

-------------------------------------------------------------------------------
-
Update Information:

This release fixes a security issue and an issue related to large files in
SabreDAV.

* XEE issue: Previous SabreDAV versions had a security issue, if running on the
following PHP versions: PHP 5.3, older than 5.3.23, PHP 5.4, older than 5.4.13, PHP 5.5 is not affected by this.

* Large file support: It was also discovered that SabreDAV can often not serve
files larger than 2GB, due to a bug in PHP's fpassthru method. If you ran into this issue, update sabredav. We are now no longer using fpasshtru.
-------------------------------------------------------------------------------
-
ChangeLog:

-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php-sabre-dav' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung