Mageia Bugzilla – Bug 7083
php-ZendFramework missing update for upstream security advisories ZF2011-01 and ZF2011-02
Last modified: 2014-08-04 19:12:15 CEST
Fedora issued updates to the newer versions (1.11.4 and 1.11.6) that fixed these during the course of early last year. Here are the upstream advisories:
Mageia 2 is not affected, as we have 1.11.11 there.
Upstream advisory ZF2012-01 was fixed by our last update.
For that one I was able to find the affected source files and update them to the version where they were fixed (1.11.12). How do you want to handle these other ones?
we strongly urge you to consider upgrading to at least PHP 5.3.6 and use Zend Framework version 1.11.6 or greater.
As we have version 1.11.11 in mga2, I am going to upgrade mga1 to this version.
Here's the package list that was built.
Once we have an advisory and you're ready, we can assign to QA.
I upgraded the package as in Comment 1.
I upgraded my mga1 on my VM box using urpmi from upgrades/testing and the upgrade went fine.
I have no installation to test it, nor do I have the knowledge of what/how to test.
I am going to assign it to QA.
Testing complete on Mageia 1 i586 and x86-64 using the procedure
Just testing for regressions.
Could someone from the sysadmin team push the srpm
from Mageia 1 Core Updates Testing to Core Updates.
Advisory: This security update for php-ZendFramework corrects
ZF2011-01: Potential XSS in Development Environment Error View Script
ZF2011-02: Potential SQL Injection Vector When Using PDO_MySql
ZF2011-02 appears to have CVE-2011-1939: