From upstream's changelog for 1.5.3: "This release fixes a stack smashing error that only showed on 32-bit systems and when compiled with -fstack-protector-all." https://savannah.nongnu.org/forum/forum.php?forum_id=8501 There are no more details, but this sounds like a security vulnerability. Given this is an implementation of a network protocol this is certainly worrying. We already have 1.5.4 in the tree, we should stabilize it.
amd64 stable
x86 stable
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
commit 4cb763302f57bbfc6453dcfa1ee1d5b762852058 Author: Göktürk Yüksek <gokturk@gentoo.org> Date: Sat Jan 21 15:59:37 2017 -0500 net-fs/davfs2: remove vulnerable version #606448 Package-Manager: portage-2.3.0
No PoC for ACE/RCE, downgraded to B3. GLSA Vote: No Repository is clean.