Your message dated Sat, 19 Apr 2014 19:50:27 +0000 with message-id <e1wbbhp-0006zi...@franck.debian.org> and subject line Bug#743175: fixed in zendframework 1.12.5-0.1 has caused the Debian Bug report #743175, regarding zendframework: two security issues to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 743175: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743175 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: zendframework Severity: serious Tags: security fixed-upstream patch Hi, Two new security advisories were published for the Zend Framework. * ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse http://framework.zend.com/security/advisory/ZF2014-01 * ZF2014-02: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer http://framework.zend.com/security/advisory/ZF2014-02 Can you please see to it that these are addressed in Debian? Cheers, Thijs
--- End Message ---
--- Begin Message ---Source: zendframework Source-Version: 1.12.5-0.1 We believe that the bug you reported is fixed in the latest version of zendframework, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 743...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. David Prévot <taf...@debian.org> (supplier of updated zendframework package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 14 Apr 2014 14:48:35 -0400 Source: zendframework Binary: zendframework zendframework-bin zendframework-resources Architecture: source all Version: 1.12.5-0.1 Distribution: unstable Urgency: medium Maintainer: Frank Habermann <lordla...@lordlamer.de> Changed-By: David Prévot <taf...@debian.org> Description: zendframework - powerful PHP framework zendframework-bin - binary scripts for zendframework zendframework-resources - resource scripts for zendframework Closes: 743175 Changes: zendframework (1.12.5-0.1) unstable; urgency=medium . * Non-maintainer upload * New upstream release, fixes several security issues (Closes: #743175): - ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse http://framework.zend.com/security/advisory/ZF2014-01 [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683] - F2014-02: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer http://framework.zend.com/security/advisory/ZF2014-02 [CVE-2014-2684] [CVE-2014-2685] * Update copyright years Checksums-Sha1: 00de5e07954023e9368c964ec9d35dc97582b26a 1525 zendframework_1.12.5-0.1.dsc e7473ef2fcbd3d3fbb30c2151385c431426f352b 27249981 zendframework_1.12.5.orig.tar.gz 17358423996a1d73764063a5dc21a30ccb42bd36 5214 zendframework_1.12.5-0.1.diff.gz ea7dc07d6bc788883593de7b36de97e7f9684fef 4191072 zendframework_1.12.5-0.1_all.deb 53734e42cfa21305449f55dbbb3c1a43e9d82f73 9422 zendframework-bin_1.12.5-0.1_all.deb d77c9d570c9b4c30a6021ea3288119acc45de7b5 35760 zendframework-resources_1.12.5-0.1_all.deb Checksums-Sha256: 6a76916d56f809fe59ffff8ab21283f258d6ddcad063d8750d49ffad9048dbcc 1525 zendframework_1.12.5-0.1.dsc 9f9cd38f9f8f70061feadcd88e96b23a396ca9fcfd9a940cb948711503a39993 27249981 zendframework_1.12.5.orig.tar.gz 7ce3b642e2e01a8747ea8a8117ac56f55600bb2a75810c4dd433623c025c247e 5214 zendframework_1.12.5-0.1.diff.gz 65a7acee9286537139115b649cd1622114f92d00a7a4de3854344dcb23168b11 4191072 zendframework_1.12.5-0.1_all.deb 8a750ab5edb2e94e1bbc585bf50eaf8fa831e072198653b888bb8d99e2a9dd0f 9422 zendframework-bin_1.12.5-0.1_all.deb 40ba26ebe6101223f629e743fe5ff362796d3f03e18331144eef1e69516630e5 35760 zendframework-resources_1.12.5-0.1_all.deb Files: 457f4d6c3f34eec8876eeba48ba93b53 1525 web optional zendframework_1.12.5-0.1.dsc 5a37c0f2e8e66ad07768a262f22b9913 27249981 web optional zendframework_1.12.5.orig.tar.gz 8b87ec13fd22fd48c723690acf62daa0 5214 web optional zendframework_1.12.5-0.1.diff.gz 823e116a1a9d479762d634e6c4976e3b 4191072 web optional zendframework_1.12.5-0.1_all.deb f6af66c45071b8a2b100698565e8bcf0 9422 web optional zendframework-bin_1.12.5-0.1_all.deb 0a9e323142780e43809783b09585e593 35760 web optional zendframework-resources_1.12.5-0.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJTTC9cAAoJEAWMHPlE9r08I1YH/35EaxGsU6m6TnBemMsAFuzD R4Dg5DNJZKSIZT/2mvSXT9yKk1mb0HTWfTP/NYRXSYgk4xdFxbQOwdKwrgeF9Tfh dPeP1vJDvUbpAcssuxfro02OobiHvDU5kld5p+YJyQ9o43KMxhNw/XhBHoxnuyQ3 vOGzTcI3ooBTbHwVf2EAOItTv8kHmznmM56VnjK/JMRf5S/+4IFlahbSH6GdXaNj wl8WT7ZwxwPBwurf3x8U0O9M2pTm6YVMSuB6UK3PavPCrQK4VP5dSmK5hyYTF8Uf lYC9hBjY8JsNWn/u4JOheFzP/3iBUZzXjPYWeDHDaQdNpX94kgv+BawLdmfSPDU= =9mKW -----END PGP SIGNATURE-----
--- End Message ---
