oss-sec mailing list archives
Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06
From: cve-assign () mitre org
Date: Fri, 10 Oct 2014 02:33:40 -0400 (EDT)
http://framework.zend.com/security/advisory/ZF2014-05
Use CVE-2014-8088 (for the issue in both Zend Framework 1.x and Zend Framework 2.x).
http://framework.zend.com/security/advisory/ZF2014-06
Use CVE-2014-8089 (for the issue in both Zend Framework 1.x and Zend Framework 2.x).
(For the ZF2014-05 advisory, the discussion in http://www.openwall.com/lists/oss-security/2014/06/09/2 may be helpful if needed.)
Our understanding is that ZF2014-05 is not closely related to the http://www.openwall.com/lists/oss-security/2014/06/09/2 topic. That June post is about incorrect use of the "empty" PHP library function, an implementation error that (as far as we know) occurred only in Horde. ZF2014-05 is about \0 characters, an implementation error that occurred in Zend Framework and also in, for example, MantisBT (see the http://openwall.com/lists/oss-security/2014/09/12/14 post).
--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE request: Zend Framework ZF2014-05 and ZF2014-06 Murray McAllister (Oct 09)
- Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06 cve-assign (Oct 09)