Bug 15541 - php-ZendFramework2 new security issue ZF2015-03 (CVE-2015-1786)
Summary: php-ZendFramework2 new security issue ZF2015-03 (CVE-2015-1786)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: Cauldron
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: Guillaume Rousse
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/637407/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-20 18:31 CET by David Walser
Modified: 2015-03-23 20:49 CET (History)
1 user (show)

See Also:
Source RPM: php-ZendFramework2-2.3.5-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-03-20 18:31:33 CET 
Upstream has released version 2.3.6 on March 12:
http://framework.zend.com/blog/zend-framework-2-3-6-released.html

It fixes one security issue:
http://framework.zend.com/security/advisory/ZF2015-03

Shortly thereafter they released 2.3.7 to fix a regression:
http://framework.zend.com/blog/zend-framework-2-3-7-released.html

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-03-20 18:32:51 CET 
php-ZendFramework is not affected.

php-ZendFramework2 in Mageia 5/Cauldron is affected.

CC: (none) => oe
Summary: php-ZendFramework2 new security issue ZF2015-03 => php-ZendFramework2 new security issue ZF2015-03 (CVE-2015-1786)
Whiteboard: (none) => MGA5TOO

Comment 2 Guillaume Rousse 2015-03-20 22:43:13 CET 
freeze push just requested for cauldron.
Comment 3 David Walser 2015-03-23 15:42:20 CET 
Fedora has issued an advisory for this on March 14:
https://lists.fedoraproject.org/pipermail/package-announce/2015-March/152804.html
Comment 4 David Walser 2015-03-23 20:49:17 CET 
php-ZendFramework2-2.3.7-1.mga5 uploaded for Cauldron.

Thanks Guillaume!

Status: NEW => RESOLVED
Resolution: (none) => FIXED
Whiteboard: MGA5TOO => (none)
Note You need to log in before you can comment on or make changes to this bug.