[Pkg-giraffe-discuss] kopano-webapp-plugin-files: embedded version of phpfastcache affected by CVE CVE-2019-16774?
Felix Bartels
f.bartels at kopano.com
Thu Jan 2 09:54:41 GMT 2020
Hi Carsten,
I got a response from our WebApp team just now. They currently have a pull request open to update the library. Pull requests and ticket are not public, but the change is in https://stash.kopano.io/projects/KWA/repos/files/commits/d0ad727b278cc43ce63218b5aa986a825f857b61
Ticket is https://jira.kopano.io/browse/KFP-418
Regards Felix
PS: please send security related questions in the future to security at kopano.com
-----Original Message-----
From: Pkg-giraffe-discuss <pkg-giraffe-discuss-bounces+f.bartels=kopano.com at alioth-lists.debian.net> On Behalf Of Carsten Schoenert
Sent: 20 December 2019 21:05
To: pkg-giraffe-discuss at alioth-lists.debian.net; Jelle van der Waa <j.vanderwaa at kopano.com>; Simon Eisenmann <s.eisenmann at kopano.com>
Subject: Re: [Pkg-giraffe-discuss] kopano-webapp-plugin-files: embedded version of phpfastcache affected by CVE CVE-2019-16774?
Hello Jelle and Simon,
could you please give an statement about the used phpfastcache version in kopano-webapp-plugin-files?
Am 14.12.19 um 10:50 schrieb Carsten Schoenert:
> Am 14.12.19 um 10:46 schrieb Carsten Schoenert:
>> Would mean this is less than 5.3.0 and this embedded version is
>> affected. Is this correct?
>
> meh, s/5.3.0/5.1.3/
>
--
Regards
Carsten Schoenert
_______________________________________________
Pkg-giraffe-discuss mailing list
Pkg-giraffe-discuss at alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-giraffe-discuss
More information about the Pkg-giraffe-discuss
mailing list