Date: Wed, 09 Jul 2014 15:34:28 +1000
From: Murray McAllister <mmcallis@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Zend Framework CVEs

On 07/09/2014 03:33 PM, Murray McAllister wrote:
> On 07/09/2014 08:52 AM, Kurt Seifried wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> As I understand Zend it's a BSD style license, so Open Source, so
>> posting here, CC'ing upstream and Mitre. Can we please get CVE's for:
>>
>> http://framework.zend.com/security/advisory/ZF2014-04
>> ZF2014-04: Potential SQL injection in the ORDER implementation of
>> Zend_Db_Select
>>
>> http://framework.zend.com/security/advisory/ZF2014-03
>> ZF2014-03: Potential XSS vector in multiple view helpers
>>
>> http://framework.zend.com/security/advisory/ZF2014-02
>> ZF2014-02: Potential security issue in login mechanism of ZendOpenId
>> and Zend_OpenId consumer
>>
>> http://framework.zend.com/security/advisory/ZF2014-01
>> ZF2014-01: Potential XXE/XEE attacks using PHP functions:
>> simplexml_load_*, DOMDocument::loadXML, and xml_parse
>
> Good morning,
>
> For the ZF2014-01 and ZF2014-02 assignments, refer to
> http://www.openwall.com/lists/oss-security/2014/04/01/1
>
> Cheers,
>
> --
> Murray McAllister / Red Hat Product Security

Sorry for the spam - I did not see Moritz's reply before I sent this.
