Date: Wed, 09 Jul 2014 15:33:18 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
CC: cve-assign@...re.org, zf-security@...d.com, Kurt Seifried <kseifrie@...hat.com>
Subject: Re: Zend Framework CVEs

On 07/09/2014 08:52 AM, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> As I understand Zend it's a BSD style license, so Open Source, so
> posting here, CC'ing upstream and Mitre. Can we please get CVE's for:
>
> http://framework.zend.com/security/advisory/ZF2014-04
> ZF2014-04: Potential SQL injection in the ORDER implementation of
> Zend_Db_Select
>
> http://framework.zend.com/security/advisory/ZF2014-03
> ZF2014-03: Potential XSS vector in multiple view helpers
>
> http://framework.zend.com/security/advisory/ZF2014-02
> ZF2014-02: Potential security issue in login mechanism of ZendOpenId
> and Zend_OpenId consumer
>
> http://framework.zend.com/security/advisory/ZF2014-01
> ZF2014-01: Potential XXE/XEE attacks using PHP functions:
> simplexml_load_*, DOMDocument::loadXML, and xml_parse

Good morning,

For the ZF2014-01 and ZF2014-02 assignments, refer to
http://www.openwall.com/lists/oss-security/2014/04/01/1

Cheers,

--
Murray McAllister / Red Hat Product Security