Security Issues in Zend-Framework
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
zend-framework (Ubuntu) |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Jaunty |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Karmic |
Fix Released
|
Undecided
|
Stephan Rügamer | ||
Lucid |
Fix Released
|
Undecided
|
Stephan Rügamer |
Bug Description
Binary package hint: zend-framework
The following security issues were detected in Zend-Framework:
* ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
http://
* ZF2010-05: Potential XSS vector in Zend_Service_
http://
* ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
http://
* ZF2010-03: Potential XSS vector in Zend_Filter_
http://
* ZF2010-02: Potential XSS vector in Zend_Dojo_
http://
* ZF2010-01: Potential XSS vectors due to inconsistent encodings
http://
visibility: | private → public |
Changed in zend-framework (Ubuntu): | |
assignee: | nobody → Stephan Hermann (shermann) |
status: | New → Confirmed |
Changed in zend-framework (Ubuntu Karmic): | |
assignee: | nobody → Stephan Hermann (shermann) |
status: | New → Confirmed |
Changed in zend-framework (Ubuntu Jaunty): | |
status: | New → Confirmed |
assignee: | nobody → Stephan Hermann (shermann) |
zend-framework (1.9.7-0ubuntu1) lucid; urgency=low
* New upstream bugfix release framework. zend.com/ changelog/ 1.9.7 ReCaptcha_ MailHide StripTags when comments allowed View_Helper_ Editor
+ Upstream changelog for all fixed issues you can find here:
http://
+ This release fixes also the security issues:
ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json
ZF2010-05: Potential XSS vector in Zend_Service_
ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer
ZF2010-03: Potential XSS vector in Zend_Filter_
ZF2010-02: Potential XSS vector in Zend_Dojo_
ZF2010-01: Potential XSS vectors due to inconsistent encodings
Date: Tue, 12 Jan 2010 08:51:07 +0000 /launchpad. net/ubuntu/ lucid/+ source/ zend-framework/ 1.9.7-0ubuntu1
Changed-By: Stephan Hermann <email address hidden>
Maintainer: Ubuntu MOTU Developers <email address hidden>
https:/