Bug#679215: marked as done (CVE-2012-3363: Local file disclosure via XXE injection)

[Debian Bug Tracking System]

Your message dated Tue, 03 Jul 2012 23:17:57 +0000
with message-id <e1smcm1-0003mt...@franck.debian.org>
and subject line Bug#679215: fixed in zendframework 1.11.12-1
has caused the Debian Bug report #679215,
regarding CVE-2012-3363: Local file disclosure via XXE injection
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
679215: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=679215
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: zendframework
Severity: grave
Tags: security

Please see 

http://framework.zend.com/security/advisory/ZF2012-01
https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: zendframework
Source-Version: 1.11.12-1

We believe that the bug you reported is fixed in the latest version of
zendframework, which is due to be installed in the Debian FTP archive:

zendframework-bin_1.11.12-1_all.deb
  to main/z/zendframework/zendframework-bin_1.11.12-1_all.deb
zendframework-resources_1.11.12-1_all.deb
  to main/z/zendframework/zendframework-resources_1.11.12-1_all.deb
zendframework_1.11.12-1.diff.gz
  to main/z/zendframework/zendframework_1.11.12-1.diff.gz
zendframework_1.11.12-1.dsc
  to main/z/zendframework/zendframework_1.11.12-1.dsc
zendframework_1.11.12-1_all.deb
  to main/z/zendframework/zendframework_1.11.12-1_all.deb
zendframework_1.11.12.orig.tar.gz
  to main/z/zendframework/zendframework_1.11.12.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 679...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Frank Habermann <lordla...@lordlamer.de> (supplier of updated zendframework 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 27 Jun 2012 21:36:00 +0200
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.12-1
Distribution: unstable
Urgency: high
Maintainer: Frank Habermann <lordla...@lordlamer.de>
Changed-By: Frank Habermann <lordla...@lordlamer.de>
Description: 
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 679215
Changes: 
 zendframework (1.11.12-1) unstable; urgency=high
 .
   * new upstream release
     - fixes Local file disclosure via XXE injection (Closes: #679215)
   * changed Standards-Version to 3.9.3
   * added DM-Upload-Allowed to control
Checksums-Sha1: 
 b76247ecb7701cb0087582e1b026962cfa442fff 1270 zendframework_1.11.12-1.dsc
 04c922c16be8acda31cbd3baa8d4f46157bcabcb 20224300 
zendframework_1.11.12.orig.tar.gz
 6004c8924945be0474b4a7500797d55d1b50c927 4762 zendframework_1.11.12-1.diff.gz
 c2bf55558bd7255266b69a617b20612d05be06f6 3728994 
zendframework_1.11.12-1_all.deb
 ec48029f8e87115718690c4e9f43737e911049ac 9682 
zendframework-bin_1.11.12-1_all.deb
 07de559fbb81b617e7fc6adb90203f1c6e16e858 38234 
zendframework-resources_1.11.12-1_all.deb
Checksums-Sha256: 
 47e584a5ffa7eb1c2ae7743b522955642ebd165bc1a04d8ccf7b5861c9e46bdb 1270 
zendframework_1.11.12-1.dsc
 389c1093f257e3a780170d8a4fa02ada980d6d81a62908bb3e78c74118e43bad 20224300 
zendframework_1.11.12.orig.tar.gz
 87aeab3a8e67e56c9f12b0273ddf788f6705e77efdfa53a4eb0f6c6281cc952c 4762 
zendframework_1.11.12-1.diff.gz
 cd46a4054667656277fe7004ff8c89442f5fa6c18a130f3318160349acd4e42a 3728994 
zendframework_1.11.12-1_all.deb
 5b31d16cc2b082c85699e75de8520f6ad78f9bba8282f82542abab09c51cc5f4 9682 
zendframework-bin_1.11.12-1_all.deb
 e3533d836fd55f65f552d5a4f116442b908dd30c791dd6ded9d1f9407d5b6e57 38234 
zendframework-resources_1.11.12-1_all.deb
Files: 
 edc90442b04b6129d1fdf1404d5f83db 1270 web optional zendframework_1.11.12-1.dsc
 78b426b30d75723fd54300c49f341077 20224300 web optional 
zendframework_1.11.12.orig.tar.gz
 6592eab1f6cbe963b64284ec7ba69c2b 4762 web optional 
zendframework_1.11.12-1.diff.gz
 c0de76563d8f688441a8e4a0b2d585aa 3728994 web optional 
zendframework_1.11.12-1_all.deb
 7e30835af14030d3e9508335b166a3bd 9682 web optional 
zendframework-bin_1.11.12-1_all.deb
 67fa9d1baaa9329326011c678849d580 38234 web optional 
zendframework-resources_1.11.12-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk/ze5sACgkQ+C5cwEsrK55AGACg4Wzevl4bRija/PmKG3xDKx0S
fRoAoIxmTx+qBDTU0z7aP30ju/uUcp3E
=IrDX
-----END PGP SIGNATURE-----

--- End Message ---