Format: 1.8
Date: Thu, 14 May 2015 11:50:05 -0400
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.13-1.1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: David Prévot <taffit@debian.org>
Description:
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 743175 754201
Changes:
 zendframework (1.11.13-1.1+deb7u1) wheezy-security; urgency=high
 .
   * Track Wheezy updates in the wheezy branch
   * Handle patches with gbp pq
   * Fix ZF2014-01: Potential XXE/XEE attacks. Numerous components
     utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality
     were vulnerable.
     http://framework.zend.com/security/advisory/ZF2014-01
     [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683] (Closes: #743175)
   * Fix ZF2014-02: Security fix for OpenID. Potential security issue in
     login mechanism of ZendOpenId and Zend_OpenId consumer.
     http://framework.zend.com/security/advisory/ZF2014-02
     [CVE-2014-2684] [CVE-2014-2685] (Closes: #743175)
   * Fix ZF2014-04: Potential SQL injection. The implementation of the
     ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains
     a potential SQL injection when the query string passed contains
     parentheses.
     http://framework.zend.com/security/advisory/ZF2014-04
     [CVE-2014-4914] (Closes: #754201)
   * Fix ZF2014-05: Potential XML eXternal Entity injection vectors
     http://framework.zend.com/security/advisory/ZF2012-05
     [CVE-2014-8088]
   * Fix ZF2014-06: SQL injection vector when manually quoting values
     http://framework.zend.com/security/advisory/ZF2014-06
     [CVE-2014-8089]
   * Fix ZF2015-04: CRLF injections in HTTP and Mail
     http://framework.zend.com/security/advisory/ZF2015-04
     [CVE-2015-3154]