Bug#679215: marked as done (CVE-2012-3363: Local file disclosure via XXE injection)

[Debian Bug Tracking System]

Your message dated Sat, 30 Jun 2012 09:48:47 +0000
with message-id <e1skuij-0001hr...@franck.debian.org>
and subject line Bug#679215: fixed in zendframework 1.10.6-1squeeze1
has caused the Debian Bug report #679215,
regarding CVE-2012-3363: Local file disclosure via XXE injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679215
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: zendframework
Severity: grave
Tags: security

Please see 

http://framework.zend.com/security/advisory/ZF2012-01
https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: zendframework
Source-Version: 1.10.6-1squeeze1

We believe that the bug you reported is fixed in the latest version of
zendframework, which is due to be installed in the Debian FTP archive:

zendframework-bin_1.10.6-1squeeze1_all.deb
  to main/z/zendframework/zendframework-bin_1.10.6-1squeeze1_all.deb
zendframework_1.10.6-1squeeze1.diff.gz
  to main/z/zendframework/zendframework_1.10.6-1squeeze1.diff.gz
zendframework_1.10.6-1squeeze1.dsc
  to main/z/zendframework/zendframework_1.10.6-1squeeze1.dsc
zendframework_1.10.6-1squeeze1_all.deb
  to main/z/zendframework/zendframework_1.10.6-1squeeze1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Habermann <lordla...@lordlamer.de> (supplier of updated zendframework 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 28 Jun 2012 21:42:00 +0200
Source: zendframework
Binary: zendframework zendframework-bin
Architecture: source all
Version: 1.10.6-1squeeze1
Distribution: squeeze-security
Urgency: high
Maintainer: Frank Habermann <lordla...@lordlamer.de>
Changed-By: Frank Habermann <lordla...@lordlamer.de>
Description: 
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
Closes: 679215
Changes: 
 zendframework (1.10.6-1squeeze1) squeeze-security; urgency=high
 .
   * fixes Local file disclosure via XXE injection (Closes: #679215)
Checksums-Sha1: 
 67ee9deb96f50b83b09236e7e9452bc2d86cec3a 1411 
zendframework_1.10.6-1squeeze1.dsc
 f0b219611c598310174a498c382e029e115adc4b 3593662 
zendframework_1.10.6.orig.tar.gz
 478edd3ee11accfcb3705c5873e7a35b4cad0834 4752 
zendframework_1.10.6-1squeeze1.diff.gz
 47297adf232b3a209cc57e8e5efb38e8b4dd2991 3590744 
zendframework_1.10.6-1squeeze1_all.deb
 de769bae5717fd62cabcaf2a59f0331b91ee23a1 9240 
zendframework-bin_1.10.6-1squeeze1_all.deb
Checksums-Sha256: 
 ad60eee4163e3fbc991c081ef6143f156a5dc97e931b4b69696cc8a902a8e5e4 1411 
zendframework_1.10.6-1squeeze1.dsc
 c24cb6f1695141e5a683b5f25b2bfc08b7c333e52332acd67eb7b07e41793444 3593662 
zendframework_1.10.6.orig.tar.gz
 22ba607a7fdd27cae20a328bdf494c33291efd2a289a28dd6ae5335b165b8cc4 4752 
zendframework_1.10.6-1squeeze1.diff.gz
 cc41c7abae477a97b45da0a3a545bd0fb69cb5c94b6a5263ba10c1abd04797a1 3590744 
zendframework_1.10.6-1squeeze1_all.deb
 db16cf342926f6cc44177542b1f15e96d0fb64948a58ca15c1dd6c1b02bf162a 9240 
zendframework-bin_1.10.6-1squeeze1_all.deb
Files: 
 fc3fa1892d2ca9418db2730a4cbfcd1b 1411 web optional 
zendframework_1.10.6-1squeeze1.dsc
 20fe9a215d22821f49aa81609d9967be 3593662 web optional 
zendframework_1.10.6.orig.tar.gz
 95ee7f695e5b10bc5f2ba12c642e4dc1 4752 web optional 
zendframework_1.10.6-1squeeze1.diff.gz
 7814e9fdf429d623dcd81b94af08bb61 3590744 web optional 
zendframework_1.10.6-1squeeze1_all.deb
 de453159b0d00e39d70dfb1b1c9bca28 9240 web optional 
zendframework-bin_1.10.6-1squeeze1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJP7eexAAoJEL97/wQC1SS+5P8IAIguIDnDXDlHVd3iiSXc4ZP1
E0iI3kYXDOB1HG5n5enaFPS/Z5b3Xl5p67vrpn6TdGuFhcQdsep9QT7o0x9FU753
9Hj0eazY3Vq8RtZqOG5nnop5xLk2/fihCLKMAmSF/GUWg2DxIsg3a50XQ8FlKML+
Oi+3IXLaN0V95f6351HuR4g184rP1dRtQToTuncPZ9mzchMKlXefzFdQySUdkNxE
QDzkTaPOFrNecpvlKKq5qJC84b7YA5+kXLMy7Lc4t/e4sj2LvPm45ZAYxkCFDDHo
ioXqWD7Cv7+39KRqqAA5dLySabdAuYRxSJ5lek3/DMiYb8CMZeun4p/vEHa3VLQ=
=fEo+
-----END PGP SIGNATURE-----

--- End Message ---