Bug#696483: marked as done (zendframework: CVE-2012-5657)

Fri, 04 Jan 2013 13:00:27 -0800 

Your message dated Fri, 04 Jan 2013 20:49:47 +0000
with message-id <e1tred5-0006y9...@franck.debian.org>
and subject line Bug#696483: fixed in zendframework 1.11.13-1.1
has caused the Debian Bug report #696483,
regarding zendframework: CVE-2012-5657
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
696483: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=696483
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: zendframework
Severity: grave
Tags: security
Justification: user security hole

This was assigned CVE-2012-5657:
http://framework.zend.com/security/advisory/ZF2012-05

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: zendframework
Source-Version: 1.11.13-1.1

We believe that the bug you reported is fixed in the latest version of
zendframework, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 696...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Falavigna <dktrkr...@debian.org> (supplier of updated zendframework 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 28 Dec 2012 20:24:22 +0100
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.13-1.1
Distribution: unstable
Urgency: high
Maintainer: Frank Habermann <lordla...@lordlamer.de>
Changed-By: Luca Falavigna <dktrkr...@debian.org>
Description: 
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 696483
Changes: 
 zendframework (1.11.13-1.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * debian/patches/02-ZF2012-05:
     - Fix for CVE-2012-5657: remove the XXE vector by calling
       libxml_disable_entity_loader() before attempting to parse the
       feed via DOMDocument::loadXML(). Patch taken from upstream SVN
       repository, revision 25159 (Closes: #696483).
Checksums-Sha1: 
 6387ccc3e689e4f74a3d13cce7c1da24b149ff08 1918 zendframework_1.11.13-1.1.dsc
 fe9277b415aa2013a522d33d039edb25799fef08 8005 zendframework_1.11.13-1.1.diff.gz
 898a141c201c9db3a54d2fa835abc9daced39840 3723204 
zendframework_1.11.13-1.1_all.deb
 88ceff1e734099526a7bd94a1249565af5a13873 9994 
zendframework-bin_1.11.13-1.1_all.deb
 649625b4b6fbb0d076b706e449fd5aa0198a43c3 37876 
zendframework-resources_1.11.13-1.1_all.deb
Checksums-Sha256: 
 95cc9d8f8b863d8be123d18945d06cab7b936cfe5f0632428f529894b43b96f1 1918 
zendframework_1.11.13-1.1.dsc
 fa01161c3f59173e613ba85ed4612752773ca867faeea795a10ac45dc9b05fe9 8005 
zendframework_1.11.13-1.1.diff.gz
 c12285c7e968b70f72fe16adbd2f7d28fe7d8cb88afb0dd2663ff8dfa3743adf 3723204 
zendframework_1.11.13-1.1_all.deb
 a4f1a4e408ded9bb81fd3d854d5d4bf136fcf96344754e370382b4ebda6d35ef 9994 
zendframework-bin_1.11.13-1.1_all.deb
 192ecb62288190f3826c46457800c3a890ef21085ae9c4c05518bce2b7befa8a 37876 
zendframework-resources_1.11.13-1.1_all.deb
Files: 
 5419a8339eec6fcb115afc6f2d7b2744 1918 web optional 
zendframework_1.11.13-1.1.dsc
 4206ee3b92d96f4d659cc5d14014892a 8005 web optional 
zendframework_1.11.13-1.1.diff.gz
 92dc06937233b05d42bbba37f1839e11 3723204 web optional 
zendframework_1.11.13-1.1_all.deb
 90f3c15a66e83015c7405bec8afef88b 9994 web optional 
zendframework-bin_1.11.13-1.1_all.deb
 dfd14a09e00d9906205c008208a6f5ab 37876 web optional 
zendframework-resources_1.11.13-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJQ3fSvAAoJEEkIatPr4vMfAk0P/AnZ+UzviDqsCNjbnOpxHC7Z
W6C7U6Y18UEDqDpnf8pLs8pcamp7SDw4W1SvxZcClMiA1vOgo78lGqCWbZXsEcg6
lIBMB2jFgBOsWvuD+T2gyO6GSUmpkhwMKEqMKTRzVgCoPHnuoTqGx14yV2DvcmeK
UH7FAxP+wztMBTxi1OE+WBNVkSt17/wInA1r2eII8Ck6GwxcZ9gah6ulwVNzD1A6
BuLqzE3d7/q9YvPcQ9I2xnqHPzFWBmNtreBwpWVFvC6hF7Rq+tDwT5A65tjFYmXM
2WH78ScqCSrJ9y3Ve/vSbzNUhMpPM6QZQ/249xDm0g8sLeh/2m13UWbIJo3iekkX
WftQYwR6BIPFA7KOm65ivijrf1HOpyqDTTp7/D58nRKb96UQfy4HXLKn99654eeD
aMhk9JUXzrT2ZVLxS18707HzKoR/AezHVO+WwgxA+f0g0GKotN5q/6qNdTN+W94A
gLIez1dp7ZUrF0D0kvjNB7U8MHYjvORVog+CpzHvrp5EkyllAHwDAJ6MVJzV14ZQ
4SFOTaZW3snq3h4umSleMe/qGHULP9mZj5rAXD1r58mkxH+V8cyX2UreIFHgcnW3
Q0ufpdm1cpVrXH0TLvRXWRQkhcVLNTDCs5KnEchgZ0T4MK7R5h76fvNWViyDoQp3
563Km030B7E6O7WMwgmz
=iusZ
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to