Bug 37002
| Summary: | zendframework: Multiple issues (4.0) | ||
|---|---|---|---|
| Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
| Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
| Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
| Severity: | normal | ||
| Priority: | P3 | CC: | gohmann, requate, walkenhorst |
| Version: | UCS 4.0 | Flags: | requate:
Patch_Available+
|
| Target Milestone: | UCS 4.0-3-errata | ||
| Hardware: | Other | ||
| OS: | Linux | ||
| What kind of report is it?: | --- | What type of bug is this?: | --- |
| Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
| User Pain: | Enterprise Customer affected?: | ||
| School Customer affected?: | ISV affected?: | ||
| Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
| Ticket number: | Bug group (optional): | ||
| Max CVSS v3 score: | |||
| Bug Depends on: | |||
| Bug Blocks: | 42575 | ||
|
Description
Moritz Muehlenhoff
Potential CRLF injection attacks in mail and HTTP headers (CVE-2015-3154) This and all other issues are fixed in upstream Debian package 1.11.13-1.1+deb7u1 zendframework 1.11.13-1.1+deb7u3 (incl CVE-2015-5161) was imported and build to scope errata4.0-3. YAML (r63409): 2015-09-02-.yaml OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(^zendframework$)?not(?name(udeb))' OK: /usr/share/doc/zendframework/changelog.Debian.gz OK: r63409 OK: 2015-09-02-zendframework.yaml OK: CVE-2014-2681, CVE-2014-2682, CVE-2014-2683 OK: CVE-2014-2684, CVE-2014-2685 OK: CVE-2014-4914 OK: CVE-2014-8088 OK: CVE-2014-8089 FAIL: CVE-2015-3154 missing in YAML, fixed by 1.11.13-1.1+deb7u1 OK: CVE-2015-5161 OK: errata-announce -V 2015-09-02-zendframework.yaml (In reply to Philipp Hahn from comment #3) > FAIL: CVE-2015-3154 missing in YAML, fixed by 1.11.13-1.1+deb7u1 Oh right… from the text I thought that 1.11 is not affected, but I understood it wrong… fixed in r63686 OK: r63686 OK: 2015-09-02-zendframework.yaml |