[pkg-php-pear] Bug#821042: jessie-pu: package zendframework/1.12.9+dfsg-2+deb8u6

David Prévot taffit at debian.org
Thu Apr 14 22:06:17 UTC 2016


Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu

Hi,

As agreed with the security team, I’d like to fix another potential
entropy vulnerability has been fixed in zendframework.

The fix also gets rid of openssl_random_pseudo_bytes() introduced in the
previous ZF2015-09 fix, and I also added a regression fix from the
CVE-2015-7695 (ZF2015-08) patch (this one was introduced in DSA-3369-1).

Please find attached the proposed debdiff for Jessie (a similar request
for Wheezy follows), the changelog entry is:

zendframework (1.12.9+dfsg-2+deb8u6) jessie; urgency=medium

  * Fix regression from ZF2015-08: binary data corruption
  * Backport security fix from 1.12.18:
    - ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
      http://framework.zend.com/security/advisory/ZF2016-01

Regards

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: jessie.diff
Type: text/x-diff
Size: 16007 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160414/5d7ad2c3/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160414/5d7ad2c3/attachment.sig>


More information about the pkg-php-pear mailing list