Date: Fri, 10 Oct 2014 02:33:40 -0400 (EDT)
From: cve-assign@...re.org
To: mmcallis@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06

> http://framework.zend.com/security/advisory/ZF2014-05

Use CVE-2014-8088 (for the issue in both Zend Framework 1.x and Zend
Framework 2.x).

> http://framework.zend.com/security/advisory/ZF2014-06

Use CVE-2014-8089 (for the issue in both Zend Framework 1.x and Zend
Framework 2.x).

> (For the ZF2014-05 advisory, the discussion in
> http://www.openwall.com/lists/oss-security/2014/06/09/2 may be helpful
> if needed.)

Our understanding is that ZF2014-05 is not closely related to the
http://www.openwall.com/lists/oss-security/2014/06/09/2 topic. That
June post is about incorrect use of the "empty" PHP library function,
an implementation error that (as far as we know) occurred only in
Horde. ZF2014-05 is about \0 characters, an implementation error that
occurred in Zend Framework and also in, for example, MantisBT (see the
http://openwall.com/lists/oss-security/2014/09/12/14 post).

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]