Change logs for zendframework source package in Jessie

  • zendframework (1.12.9+dfsg-2+deb8u6) jessie; urgency=medium
    
      * Fix regression from ZF2015-08: binary data corruption
      * Backport security fix from 1.12.18:
        - ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
          http://framework.zend.com/security/advisory/ZF2016-01
    
     -- David Prévot <email address hidden>  Wed, 13 Apr 2016 16:37:00 -0400
  • zendframework (1.12.9+dfsg-2+deb8u5) jessie; urgency=medium
    
      * Backport security fix from 1.12.17
        - ZF2015-09: Fixed entropy issue in word CAPTCHA
          http://framework.zend.com/security/advisory/ZF2015-09
    
     -- David Prévot <email address hidden>  Tue, 24 Nov 2015 18:21:26 -0400
  • zendframework (1.12.9+dfsg-2+deb8u3) jessie-security; urgency=high
    
      * ZF2015-06: XXE/XEE vector when using ZendXml on multibyte payloads
        http://framework.zend.com/security/advisory/ZF2015-06
        [CVE-2015-5161]
    
     -- David Prévot <email address hidden>  Tue, 18 Aug 2015 18:00:37 +0200
  • zendframework (1.12.9+dfsg-2+deb8u2) jessie-security; urgency=high
    
      * Update ZF2015-04 patch.
        Use the final upstream patch instead of the initial one.
        No actual change other than spaces, comments and tests.
        It will ease cherry-picking further fixes if needed.
      * Fix regression in headers creation.
        Non-string and non-stringable objects were not allowed anymore with the
        ZF2015-04 patch. This broke a number of other classes, however, which
        required integer and/or float values (e.g., to set a Content-Length
        header).
    
     -- David Prévot <email address hidden>  Sat, 23 May 2015 12:13:17 -0400
  • zendframework (1.12.9+dfsg-2) unstable; urgency=medium
    
    
      * Revert tests during package build (Closes: #765155)
      * Use repacksuffix feature of uscan
    
     -- David Prévot <email address hidden>  Mon, 13 Oct 2014 22:40:34 -0400
  • zendframework (1.12.9+dfsg-1) unstable; urgency=medium
    
    
      [ Matthew Weier O'Phinney ]
      * [ZF2014-05] Fix for null-byte binding
      * [#372] Quote null byte characters
      * [1.12.9] Release readiness
    
      [ David Prévot ]
      * Bump standards version to 3.9.6
    
     -- David Prévot <email address hidden>  Thu, 18 Sep 2014 20:28:35 -0400
  • zendframework (1.12.7-0.1) unstable; urgency=medium
    
    
      * Non-maintainer upload
      * New upstream release, fixes a security issue (Closes: #754201):
        - ZF2014-04: Potential SQL injection in the ORDER implementation of
          Zend_Db_Select
          http://framework.zend.com/security/advisory/ZF2014-04
    
     -- David Prévot <email address hidden>  Tue, 08 Jul 2014 12:33:40 -0400
  • zendframework (1.12.5-0.1) unstable; urgency=medium
    
    
      * Non-maintainer upload
      * New upstream release, fixes several security issues (Closes: #743175):
        - ZF2014-01: Potential XXE/XEE attacks using PHP functions:
          simplexml_load_*, DOMDocument::loadXML, and xml_parse
          http://framework.zend.com/security/advisory/ZF2014-01
          [CVE-2014-2681] [CVE-2014-2682] [CVE-2014-2683]
        - ZF2014-02: Potential security issue in login mechanism of ZendOpenId and
          Zend_OpenId consumer
          http://framework.zend.com/security/advisory/ZF2014-02
          [CVE-2014-2684] [CVE-2014-2685]
      * Update copyright years
    
     -- David Prévot <email address hidden>  Mon, 14 Apr 2014 14:48:35 -0400
  • zendframework (1.12.3-1) unstable; urgency=low
    
    
      * new upstream release
      * removed windows azure stuff for windows platform from library path
    
     -- Frank Habermann <email address hidden>  Wed, 24 May 2013 22:17:00 +0200
  • zendframework (1.11.13-1.1) unstable; urgency=high
    
    
      * Non-maintainer upload.
      * debian/patches/02-ZF2012-05:
        - Fix for CVE-2012-5657: remove the XXE vector by calling
          libxml_disable_entity_loader() before attempting to parse the
          feed via DOMDocument::loadXML(). Patch taken from upstream SVN
          repository, revision 25159 (Closes: #696483).
    
     -- Luca Falavigna <email address hidden>  Fri, 28 Dec 2012 20:24:22 +0100