Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6

To: David Prévot <taffit@debian.org>, 821042@bugs.debian.org
Subject: Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 14 May 2016 18:43:05 +0100
Message-id: <[🔎] 1463247785.6062.50.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 821042@bugs.debian.org
In-reply-to: <20160414220617.GA11710@persil.tilapin.org>
References: <20160414220617.GA11710@persil.tilapin.org>

Control: tags -1 + confirmed

On Thu, 2016-04-14 at 18:06 -0400, David Prévot wrote:
> As agreed with the security team, I’d like to fix another potential
> entropy vulnerability has been fixed in zendframework.
> 
> The fix also gets rid of openssl_random_pseudo_bytes() introduced in the
> previous ZF2015-09 fix, and I also added a regression fix from the
> CVE-2015-7695 (ZF2015-08) patch (this one was introduced in DSA-3369-1).

Apologies for the delay in getting back to you. Please go ahed.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Processed: Re: Bug#824341: wheezy-pu: update xen-utils-4.1 with patch to boot jessie/grub2 VMs
Next by Date: Processed: Re: Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6
Previous by thread: Bug#824341: marked as done (wheezy-pu: update xen-utils-4.1 with patch to boot jessie/grub2 VMs)
Next by thread: Processed: Re: Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6
Index(es):
- Date
- Thread