[Pkg-giraffe-discuss] kopano-webapp-plugin-files: embedded version of phpfastcache affected by CVE CVE-2019-16774?
Carsten Schoenert
c.schoenert at t-online.de
Sat Dec 14 09:46:05 GMT 2019
Hi,
the security team pointed me to
https://security-tracker.debian.org/tracker/CVE-2019-16774
So this is question mostly to Kopano upstream, which version the
embedded phpfastcache package is based on?
Something we need to take care about?
Looking at commit
> https://stash.kopano.io/projects/KWA/repos/files/commits/0b15aeb7f6af0a0501db727f728207bf39eec4fa#php/lib/phpfastcache/CNAME
which is from May 2016 I assume this is at max upstream version 5.0.2
around.
> https://github.com/PHPSocialNetwork/phpfastcache/tags?after=5.0.2
Would mean this is less than 5.3.0 and this embedded version is
affected. Is this correct?
--
Regards
Carsten Schoenert
More information about the Pkg-giraffe-discuss
mailing list