oss-sec mailing list archives
Re: Zend Framework CVEs
From: Murray McAllister <mmcallis () redhat com>
Date: Wed, 09 Jul 2014 15:33:18 +1000
On 07/09/2014 08:52 AM, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 As I understand Zend it's a BSD style license, so Open Source, so posting here, CC'ing upstream and Mitre. Can we please get CVE's for: http://framework.zend.com/security/advisory/ZF2014-04 ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select http://framework.zend.com/security/advisory/ZF2014-03 ZF2014-03: Potential XSS vector in multiple view helpers http://framework.zend.com/security/advisory/ZF2014-02 ZF2014-02: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer http://framework.zend.com/security/advisory/ZF2014-01 ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse
Good morning,For the ZF2014-01 and ZF2014-02 assignments, refer to http://www.openwall.com/lists/oss-security/2014/04/01/1
Cheers, -- Murray McAllister / Red Hat Product Security
Current thread:
- Zend Framework CVEs Kurt Seifried (Jul 08)
- Re: Zend Framework CVEs Moritz Muehlenhoff (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs cve-assign (Jul 11)