Accepted zendframework 1.11.13-1.1+deb7u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 14 May 2015 11:50:05 -0400
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.13-1.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: David Prévot <taffit@debian.org>
Description:
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 743175 754201
Changes:
 zendframework (1.11.13-1.1+deb7u1) wheezy-security; urgency=high
 .
   * Track Wheezy updates in the wheezy branch
   * Handle patches with gbp pq
   * Fix ZF2014-01: Potential XXE/XEE attacks.
     Numerous components utilizing PHP's DOMDocument, SimpleXML, and
     xml_parse functionality were vulnerable.
     http://framework.zend.com/security/advisory/ZF2014-01
     [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683] (Closes: #743175)
   * Fix ZF2014-02: Security fix for OpenID.
     Potential security issue in login mechanism of ZendOpenId and
     Zend_OpenId consumer.
     http://framework.zend.com/security/advisory/ZF2014-02
     [CVE-2014-2684] [CVE-2014-2685] (Closes: #743175)
   * Fix ZF2014-04: Potential SQL injection.
     The implementation of the ORDER BY SQL statement in Zend_Db_Select of
     Zend Framework 1 contains a potential SQL injection when the query
     string passed contains parentheses.
     http://framework.zend.com/security/advisory/ZF2014-04
     [CVE-2014-4914] (Closes: #754201)
   * Fix ZF2014-05: Potential XML eXternal Entity injection vectors
     http://framework.zend.com/security/advisory/ZF2012-05
     [CVE-2014-8088]
   * Fix ZF2014-06: SQL injection vector when manually quoting values
     http://framework.zend.com/security/advisory/ZF2014-06
     [CVE-2014-8089]
   * Fix ZF2015-04: CRLF injections in HTTP and Mail
     http://framework.zend.com/security/advisory/ZF2015-04
     [CVE-2015-3154]
Files:
d22165ce2e08e5d1006cf05c3ec748e2 1586 web optional zendframework_1.11.13-1.1+deb7u1.dsc
db77b24f2ad4dbaf36f2a5b517522780 20217474 web optional zendframework_1.11.13.orig.tar.gz
a43fc9d45858090df087f3dae3a113a8 36049 web optional zendframework_1.11.13-1.1+deb7u1.diff.gz
35bee7246dfdae19e4d4c54fa5a8b561 3734178 web optional zendframework_1.11.13-1.1+deb7u1_all.deb
ab5e9d4aabb8f3a215b48c3f75e1c125 10558 web optional zendframework-bin_1.11.13-1.1+deb7u1_all.deb
adff59c83b2454d0879865f2b986c820 38912 web optional zendframework-resources_1.11.13-1.1+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----