Mangelnde Rechteprüfung in php-sabredav-Sabre_CalDAV
ID: | FEDORA-2014-14066 |
Distribution: | Fedora |
Plattformen: | Fedora 19 |
Datum: | So, 23. November 2014, 11:12 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6403 |
Applikationen: | php-sabredav-Sabre_CalDAV |
Originalnachricht |
|
Name : php-sabredav-Sabre_CalDAV Product : Fedora 19 Version : 1.7.9 Release : 1.fc19 URL : http://sabre.io Summary : Provides RFC4791 (CalDAV) support to Sabre_DAV Description : CalDAV plugin for Sabre, adds support for CalDAV in Sabre_DAV. -------------------------------------------------------------------------------- Update Information: This update provides ownCloud 5.0.17, the latest release in the 5.x series, plus an extra security-related fix backported from the stable5 branch. It also provides SabreDAV 1.7.13. This is also a major upgrade from SabreDAV 1.6, and has API incompatibilities. ownCloud is the only Fedora 19 package that requires SabreDAV, and ownCloud 5 cannot work with SabreDAV 1.6: the API-incompatible upgrade is unfortunate but necessary to provide a secure ownCloud release. ownCloud 4.5, the current version in Fedora 19, is un-maintained, subject to known security issues, and has no upgrade path beyond ownCloud 5. Upgrading directly from 4.5 to the current version in Fedora 20 or 21 - ownCloud 7 - would likely fail. I plan to update the package to 6.x before Fedora 19 goes EOL and maintain the 5.x and 6.x builds in a side repository to make sure there is a viable upgrade path from Fedora 19. Initial testing on the 4.x -> 5.x upgrade has been performed, but please back up your user data, ownCloud configuration and ownCloud database before performing the upgrade. Please file negative karma and a bug report for any issues encountered during the upgrade. Ideally, the upgrade should run smoothly on first access to the updated ownCloud instance with no manual intervention required. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 28 2014 Adam Williamson |