oss-sec mailing list archives
Zend Framework CVEs
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 08 Jul 2014 16:52:46 -0600
As I understand Zend it's a BSD style license, so Open Source, so posting
here, CC'ing upstream and Mitre.

Can we please get CVE's for:

http://framework.zend.com/security/advisory/ZF2014-04
ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select

http://framework.zend.com/security/advisory/ZF2014-03
ZF2014-03: Potential XSS vector in multiple view helpers

http://framework.zend.com/security/advisory/ZF2014-02
ZF2014-02: Potential security issue in login mechanism of ZendOpenId and Zend_OpenId consumer

http://framework.zend.com/security/advisory/ZF2014-01
ZF2014-01: Potential XXE/XEE attacks using PHP functions: simplexml_load_*, DOMDocument::loadXML, and xml_parse

===

There are some CVE's for 2013 Zend issues, I haven't checked the mapping
to/from the Zend advisories.

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=zend

http://framework.zend.com/security/advisory/ZF2013-01
http://framework.zend.com/security/advisory/ZF2013-02
http://framework.zend.com/security/advisory/ZF2013-03
http://framework.zend.com/security/advisory/ZF2013-04

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Current thread:
- Zend Framework CVEs Kurt Seifried (Jul 08)
- Re: Zend Framework CVEs Moritz Muehlenhoff (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs Murray McAllister (Jul 08)
- Re: Zend Framework CVEs cve-assign (Jul 11)