
Accepted zendframework 1.11.13-1.1+deb7u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 14 May 2015 11:50:05 -0400
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.13-1.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: David Prévot <taffit@debian.org>
Description: 
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 743175 754201
Changes: 
 zendframework (1.11.13-1.1+deb7u1) wheezy-security; urgency=high
 .
   * Track Wheezy updates in the wheezy branch
   * Handle patches with gbp pq
   * Fix ZF2014-01: Potential XXE/XEE attacks.
     Numerous components utilizing PHP's DOMDocument, SimpleXML, and
     xml_parse functionality were vulnerable.
     http://framework.zend.com/security/advisory/ZF2014-01
     [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683] (Closes: #743175)
   * Fix ZF2014-02: Security fix for OpenID.
     Potential security issue in login mechanism of ZendOpenId and
     Zend_OpenId consumer.
     http://framework.zend.com/security/advisory/ZF2014-02
     [CVE-2014-2684] [CVE-2014-2685] (Closes: #743175)
   * Fix ZF2014-04: Potential SQL injection.
     The implementation of the ORDER BY SQL statement in Zend_Db_Select of
     Zend Framework 1 contains a potential SQL injection when the query
     string passed contains parentheses.
     http://framework.zend.com/security/advisory/ZF2014-04
     [CVE-2014-4914] (Closes: #754201)
   * Fix ZF2014-05: Potential XML eXternal Entity injection vectors
     http://framework.zend.com/security/advisory/ZF2012-05
     [CVE-2014-8088]
   * Fix ZF2014-06: SQL injection vector when manually quoting values
     http://framework.zend.com/security/advisory/ZF2014-06
     [CVE-2014-8089]
   * Fix ZF2015-04: CRLF injections in HTTP and Mail
     http://framework.zend.com/security/advisory/ZF2015-04
     [CVE-2015-3154]
Files: 
 d22165ce2e08e5d1006cf05c3ec748e2 1586 web optional zendframework_1.11.13-1.1+deb7u1.dsc
 db77b24f2ad4dbaf36f2a5b517522780 20217474 web optional zendframework_1.11.13.orig.tar.gz
 a43fc9d45858090df087f3dae3a113a8 36049 web optional zendframework_1.11.13-1.1+deb7u1.diff.gz
 35bee7246dfdae19e4d4c54fa5a8b561 3734178 web optional zendframework_1.11.13-1.1+deb7u1_all.deb
 ab5e9d4aabb8f3a215b48c3f75e1c125 10558 web optional zendframework-bin_1.11.13-1.1+deb7u1_all.deb
 adff59c83b2454d0879865f2b986c820 38912 web optional zendframework-resources_1.11.13-1.1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

-----END PGP SIGNATURE-----

