Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6
Control: tags -1 + confirmed
On Thu, 2016-04-14 at 18:06 -0400, David Prévot wrote:
> As agreed with the security team, I’d like to fix another potential
> entropy vulnerability has been fixed in zendframework.
>
> The fix also gets rid of openssl_random_pseudo_bytes() introduced in the
> previous ZF2015-09 fix, and I also added a regression fix from the
> CVE-2015-7695 (ZF2015-08) patch (this one was introduced in DSA-3369-1).
Apologies for the delay in getting back to you. Please go ahed.
Regards,
Adam
Reply to: