Univention Bugzilla – Full Text Bug Listing
Summary: | zendframework: Multiple issues (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Moritz Muehlenhoff <jmm> |
Component: | Security updates | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann, requate, walkenhorst |
Version: | UCS 4.0 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Bug Blocks: | 42575 |
Description
Moritz Muehlenhoff
2014-11-25 14:54:50 CET
Potential CRLF injection attacks in mail and HTTP headers (CVE-2015-3154)

This and all other issues are fixed in upstream Debian package 1.11.13-1.1+deb7u1

zendframework 1.11.13-1.1+deb7u3 (incl CVE-2015-5161) was imported and built to scope errata4.0-3.
YAML (r63409): 2015-09-02-.yaml

OK: DEBIAN_FRONTEND=noninteractive aptitude install -y '?source-package(^zendframework$)?not(?name(udeb))'
OK: /usr/share/doc/zendframework/changelog.Debian.gz
OK: r63409
OK: 2015-09-02-zendframework.yaml
OK: CVE-2014-2681, CVE-2014-2682, CVE-2014-2683
OK: CVE-2014-2684, CVE-2014-2685
OK: CVE-2014-4914
OK: CVE-2014-8088
OK: CVE-2014-8089
FAIL: CVE-2015-3154 missing in YAML, fixed by 1.11.13-1.1+deb7u1
OK: CVE-2015-5161
OK: errata-announce -V 2015-09-02-zendframework.yaml

(In reply to Philipp Hahn from comment #3)
> FAIL: CVE-2015-3154 missing in YAML, fixed by 1.11.13-1.1+deb7u1

Oh right… from the text I thought that 1.11 is not affected, but I understood it wrong… fixed in r63686

OK: r63686
OK: 2015-09-02-zendframework.yaml