Format: 1.8
Date: Mon, 15 Jun 2015 22:36:44 +0200
Source: zendframework
Binary: zendframework zendframework-bin
Architecture: source all
Version: 1.10.6-1squeeze3
Distribution: squeeze-lts
Urgency: medium
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
Changes:
 zendframework (1.10.6-1squeeze3) squeeze-lts; urgency=medium
 .
   * Non-maintainer upload by the Squeeze LTS team.
   * Fix ZF2012-02: Denial of Service vector via XEE injection
     http://framework.zend.com/security/advisory/ZF2012-02
     [CVE-2012-6531].
   * Backport security fixes from wheezy:
   * Handle patches with gbp pq
   * Fix ZF2014-01: Potential XXE/XEE attacks. Numerous components
     utilizing PHP's DOMDocument, SimpleXML, and xml_parse functionality
     were vulnerable.
     http://framework.zend.com/security/advisory/ZF2014-01
     [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683]
   * Fix ZF2014-02: Security fix for OpenID. Potential security issue in
     login mechanism of ZendOpenId and Zend_OpenId consumer.
     http://framework.zend.com/security/advisory/ZF2014-02
     [CVE-2014-2684] [CVE-2014-2685]
   * Fix ZF2014-04: Potential SQL injection. The implementation of the
     ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains
     a potential SQL injection when the query string passed contains
     parentheses.
     http://framework.zend.com/security/advisory/ZF2014-04
     [CVE-2014-4914]
   * Fix ZF2014-05: Potential XML eXternal Entity injection vectors
     http://framework.zend.com/security/advisory/ZF2012-05
     [CVE-2014-8088]
   * Fix ZF2014-06: SQL injection vector when manually quoting values
     http://framework.zend.com/security/advisory/ZF2014-06
     [CVE-2014-8089]
   * Fix ZF2015-04: CRLF injections in HTTP and Mail
     http://framework.zend.com/security/advisory/ZF2015-04
     [CVE-2015-3154]