Bug 15541

Summary: php-ZendFramework2 new security issue ZF2015-03 (CVE-2015-1786)
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: oe
Version: Cauldron   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/637407/
Whiteboard:
Source RPM: php-ZendFramework2-2.3.5-1.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-03-20 18:31:33 CET
Upstream has released version 2.3.6 on March 12:
http://framework.zend.com/blog/zend-framework-2-3-6-released.html

It fixes one security issue:
http://framework.zend.com/security/advisory/ZF2015-03

Shortly thereafter they released 2.3.7 to fix a regression:
http://framework.zend.com/blog/zend-framework-2-3-7-released.html

Comment 1 David Walser 2015-03-20 18:32:51 CET
php-ZendFramework is not affected.

php-ZendFramework2 in Mageia 5/Cauldron is affected.

CC: (none) => oe
Summary: php-ZendFramework2 new security issue ZF2015-03 => php-ZendFramework2 new security issue ZF2015-03 (CVE-2015-1786)
Whiteboard: (none) => MGA5TOO

Comment 2 Guillaume Rousse 2015-03-20 22:43:13 CET
Freeze push just requested for Cauldron.

Comment 3 David Walser 2015-03-23 15:42:20 CET
Fedora has issued an advisory for this on March 14:
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152804.html

Comment 4 David Walser 2015-03-23 20:49:17 CET
php-ZendFramework2-2.3.7-1.mga5 uploaded for Cauldron.

Thanks Guillaume!

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Whiteboard: MGA5TOO => (none)