Updated php-ZendFramework packages fix security vulnerabilities
Publication date: 08 Jun 2015Modification date: 08 Jun 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-3154
Description
Updated php-ZendFramework packages fix security vulnerability:
Filippo Tessarotto and Maks3w reported potential CRLF injection attacks in
mail and HTTP headers in ZendFramework before 1.2.12 (CVE-2015-3154).
References
- https://bugs.mageia.org/show_bug.cgi?id=15994
- http://framework.zend.com/security/advisory/ZF2015-04
- http://framework.zend.com/blog/zend-framework-1-12-10-released.html
- http://framework.zend.com/blog/zend-framework-1-12-11-released.html
- http://framework.zend.com/blog/zend-framework-1-12-12-released.html
- http://framework.zend.com/blog/zend-framework-1-12-13-released.html
- https://www.debian.org/security/2015/dsa-3265
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3154
SRPMS
4/core
- php-ZendFramework-1.12.13-1.mga4