DSA-3462-1 radicale -- radicaleID: oval:org.secpod.oval:def:602357 | Date: (C)2016-02-02 (M)2022-09-22 |
Class: PATCH | Family: unix |
Two vulnerabilities were fixed in radicale, a CardDAV/CalDAV server. CVE-2015-8747 The multifilesystem storage backend allows read and write access to arbitrary files . CVE-2015-8748 If an attacker is able to authenticate with a user name like `.*", he can bypass read/write limitations imposed by regex-based rules, including the built-in rules `owner_write" and `owner_only" .
Platform: |
Debian 8.x |
Debian 7.x |