You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php-ZendFramework2

Sigurnosni nedostaci programskog paketa php-ZendFramework2

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-6530
2014-05-21 01:31:04
——————————————————————————–

Name : php-ZendFramework2
Product : Fedora 19
Version : 2.2.7
Release : 1.fc19
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.

——————————————————————————–
Update Information:

## 2.2.7 (2014-04-015)

### SECURITY UPDATES

– **ZF2014-03:** Potential XSS vector in multiple view helpers due to inappropriate HTML attribute escaping. Many view helpers were using the `escapeHtml()` view helper in order to escape HTML attributes. This release patches them to use the `escapeHtmlAttr()` view helper in these situations. If you use form or navigation view helpers, or “HTML element” view helpers (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`), we recommend upgrading immediately.
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-6540
2014-05-21 01:31:27
——————————————————————————–

Name : php-ZendFramework2
Product : Fedora 20
Version : 2.2.7
Release : 1.fc20
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.

——————————————————————————–
Update Information:

## 2.2.7 (2014-04-015)

### SECURITY UPDATES

– **ZF2014-03:** Potential XSS vector in multiple view helpers due to inappropriate HTML attribute escaping. Many view helpers were using the `escapeHtml()` view helper in order to escape HTML attributes. This release patches them to use the `escapeHtmlAttr()` view helper in these situations. If you use form or navigation view helpers, or “HTML element” view helpers (such as `gravatar()`, `htmlFlash()`, `htmlPage()`, or `htmlQuicktime()`), we recommend upgrading immediately.
——————————————————————————–
ChangeLog:

* Sun May 18 2014 Shawn Iwinski <shawn.iwinski@gmail.com> 2.2.7-1
– Updated to 2.2.7 (security update for ZF2014-03)
* Tue Apr 1 2014 Remi Collet <remi@fedoraproject.org> 2.2.6-1
– Updated to 2.2.6 for CVE-2014-2681 CVE-2014-2682
CVE-2014-2683 CVE-2014-2684 CVE-2014-2685
– new package ZendXml
– fix for unversioned doc directory
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

AutorMarijo Plepelic
Cert idNCERT-REF-2014-05-0004-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Ranjivosti programske biblioteke libpng

Otkrivene su ranjivosti programske biblioteke libpng za Fedoru. Ranjivosti se nalaze u funkcijama png_do_expand_palette i png_push_read_chunk, a udaljenim napadačima omogućuju...

Close