Launchpad CVE tracker

CVE 2015-5161

The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.

Related bugs and status

CVE-2015-5161 (Candidate) is related to these bugs:

Bug #1593024: Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04

		In	Importance	Status
1593024	Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04	zend-framework (Ubuntu)	Wishlist	Fix Released
1593024	Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04	icingaweb2 (Ubuntu)	Wishlist	Fix Released
1593024	Unblacklist and sync zendframework 1.12.18+dfsg-1 (universe) from Debian unstable (main), delete src:zend-framework from 17.04	zendframework (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2015-5161

References