Bug#754201: marked as done (Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04))

[Debian Bug Tracking System]

Your message dated Fri, 18 Jul 2014 17:50:06 +0000
with message-id <e1x8cii-0000ye...@franck.debian.org>
and subject line Bug#754201: fixed in zendframework 1.12.7-0.1
has caused the Debian Bug report #754201,
regarding Potential SQL injection in the ORDER implementation of Zend_Db_Select 
(ZF2014-04)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
754201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754201
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: zendframework
Version: 1.12.5-0.1
Severity: grave
Tags: security upstream patch

Affected versions: v1.12.0 up to v1.12.6 (Squeeze and Wheezy are not
affected)
Upstream security issue:
        http://framework.zend.com/security/advisory/ZF2014-04
Upstream patch:
        
https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d

Regards

David

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: zendframework
Source-Version: 1.12.7-0.1

We believe that the bug you reported is fixed in the latest version of
zendframework, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 754...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <taf...@debian.org> (supplier of updated zendframework package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 08 Jul 2014 12:33:40 -0400
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.12.7-0.1
Distribution: unstable
Urgency: medium
Maintainer: Frank Habermann <lordla...@lordlamer.de>
Changed-By: David Prévot <taf...@debian.org>
Description:
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Closes: 754201
Changes:
 zendframework (1.12.7-0.1) unstable; urgency=medium
 .
   * Non-maintainer upload
   * New upstream release, fixes a security issue (Closes: #754201):
     - ZF2014-04: Potential SQL injection in the ORDER implementation of
       Zend_Db_Select
       http://framework.zend.com/security/advisory/ZF2014-04
Checksums-Sha1:
 59a02a201241a9827d6d97510d3f8b7a1275dff1 1894 zendframework_1.12.7-0.1.dsc
 01f49afc473bbaf9b192dff242f261d780420450 27254416 
zendframework_1.12.7.orig.tar.gz
 9a3a59d74e027395227d66ec18ecf9fa9491d81c 5216 zendframework_1.12.7-0.1.diff.gz
 a3d4a0ea16662ce8611da864d4c84c1fec426ab4 4193596 
zendframework_1.12.7-0.1_all.deb
 c1bda537f4d0964c738f3d4b7677c3159581ab4d 9504 
zendframework-bin_1.12.7-0.1_all.deb
 c5784545ac7b85fff3ee0b12b734eebb392ed5c0 35828 
zendframework-resources_1.12.7-0.1_all.deb
Checksums-Sha256:
 a5dddd79035e66ad8da4f8690516d639908a5a354060ae7ff50a1bf1e94c4114 1894 
zendframework_1.12.7-0.1.dsc
 87a970b9eeea3e50b19446213ba715bb93dc3e581cf4532fb8e72c8a8c3973a8 27254416 
zendframework_1.12.7.orig.tar.gz
 3ff8565be0b4be963eeb18466ddf98904bbe8baefa4bd4f0c174398eff7004ed 5216 
zendframework_1.12.7-0.1.diff.gz
 cbaf366b27b95526a0e2261c8598c8941346279c68977d592d2fb0b0a3da6a47 4193596 
zendframework_1.12.7-0.1_all.deb
 82a291945fa121c242405af62d94c9210b62c32d11227847e9c709c212bdb2fa 9504 
zendframework-bin_1.12.7-0.1_all.deb
 57183679fdffa0b9629d732c9691d9fef2aa37ffc43066f4b7acf2bcb0159410 35828 
zendframework-resources_1.12.7-0.1_all.deb
Files:
 d793339a96a0e9889da2b0875a2276f9 4193596 web optional 
zendframework_1.12.7-0.1_all.deb
 1f59dbb674cec240e87679016810d342 9504 web optional 
zendframework-bin_1.12.7-0.1_all.deb
 eba49cfa6c7b6c52887d54cb3eb3ae92 35828 web optional 
zendframework-resources_1.12.7-0.1_all.deb
 e8a9d1d20cba5ba63dd8952667082e15 1894 web optional zendframework_1.12.7-0.1.dsc
 88f5b8612b15c57857345140c21fb7bc 27254416 web optional 
zendframework_1.12.7.orig.tar.gz
 694f972438d260ad124d3ae630898d9e 5216 web optional 
zendframework_1.12.7-0.1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTvB7zAAoJELgqIXr9/gnyrUAQALIVAFcNPoEGfE1uTjLWycnl
1Ho6bis2JDcFLz0vE25pSuCJvwnGWgiHMlEVYEHJJqxpheJsu5VJqVFThek1a8Uj
8Hfn8WMD67geUK/Kyal2MF2sIuYXJqo0NHYR3hY0440ZwWppcYruPUZJbESw6E8C
hh1ZqGry1cc04Fo6QqnV0c0vyJETAp44Xi011FhcX8oo5oSVTwXvDmrnfHIgdM/k
EHt8osiXvGP1VziOxYBwzokPzyIwFHs3IH7ddg4BNt47IyWVQXVWEss67YmHtD2x
FZ2erFWGpc+oUsim1EsRfmFkVBnGMxlODzkmBQnwi5QO1a4JALPp/0H6+LJW3QZe
2mBRgWzj8s63q0LHK64FaRW1T0yaHs8PffO3VDqOfypiE/JWogal25211SduHaMI
44EX3xpurCu30E3Gx7XqhF5KHaPG8Lqmg/mOFH5FJ6pq4K8KLiAqaZDVy/p618bS
fvIdZNc41qYqR7XlNNdyTzFoHeDs6hJBL92fJFLxkqA2f15PpGoQxWWl4j5QxGMG
ek6alwYU5wShdQ6Tj1MOtsWJGmQJB0q6oD5NTXPyMHJbVsRHazxXkh/AcfFOhsJX
9LDOTby5XotrjFKIGycvjiB40PgBf6FHZ/7J5ntRtCymxbt/M7loZwh7oLE6h67+
ESXXeaMcSAlTB1hxtxjl
=v191
-----END PGP SIGNATURE-----

--- End Message ---