[pkg-php-pear] Bug#780424: Emedded ZendDb component affected by several security issues

David Prévot taffit at debian.org
Fri Mar 13 17:13:24 UTC 2015

Package: galette
Version: 0.8+dfsg-1
Severity: serious
Tags: security upstream


The galette package ships an embedded copy of ZendDb, but AFAICT, the
version shipped (2.3.1) is affected by several security issues:
CVE-2014-8089 and CVE-2015-0270 (aka ZF2014-06 and ZF2015-02).

Shipping embedded copy instead of packaging it has a cost…


FWIW, I’m willing to introduce the php-zend-db package (#780422) as soon
as upstream fixes its build system.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20150313/ae467cc3/attachment-0001.sig>

More information about the pkg-php-pear mailing list