[Secure-testing-commits] r36884 - data/CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Sep 29 13:55:17 UTC 2015
Author: hertzog
Date: 2015-09-29 13:55:16 +0000 (Tue, 29 Sep 2015)
New Revision: 36884
Modified:
data/CVE/list
Log:
Review CVE-2015-5723 for zendframework/squeeze
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-09-29 10:24:33 UTC (rev 36883)
+++ data/CVE/list 2015-09-29 13:55:16 UTC (rev 36884)
@@ -1564,6 +1564,8 @@
- aws-sdk-for-php <not-affected> (Vulnerable code not present)
- php-doctrine-bundle 1.5.2-1 (low)
- zendframework 1.12.16+dfsg-1 (low)
+ [squeeze] - zendframework <not-affected> (No unsafe permissions found in cache functions)
+ NOTE: Review of zendframework 1.10.6 in Squeeze found no usage of default unsafe permission except in library/Zend/Search/Lucene/Storage/Directory/Filesystem.php but which is unlikely to cause a security issue.
NOTE: http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
NOTE: https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
NOTE: http://framework.zend.com/security/advisory/ZF2015-07
More information about the Secure-testing-commits
mailing list