[pkg-php-pear] Bug#821044: wheezy-pu: package zendframework/1.11.13-1.1+deb7u6

David Prévot taffit at debian.org
Thu Apr 14 22:15:01 UTC 2016

Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian.org at packages.debian.org
Usertags: pu


As agreed with the security team, I’d like to fix another potential
entropy vulnerability that has been fixed in zendframework.

The fix also gets rid of openssl_random_pseudo_bytes() introduced in the
previous ZF2015-09 fix, and I also added a regression fix from the
CVE-2015-7695 (ZF2015-08) patch (this one was introduced in DSA-3369-1).

Please find attached the proposed debdiff for Wheezy; it’s pretty
similar to the one from #821042.

zendframework (1.11.13-1.1+deb7u6) wheezy; urgency=medium

  * Fix regression from ZF2015-08: binary data corruption
  * Backport security fix from 1.12.18:
    - ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1


-------------- next part --------------
A non-text attachment was scrubbed...
Name: wheezy.diff
Type: text/x-diff
Size: 15619 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160414/8592329d/attachment-0001.diff>