——————————————————————————–
Fedora Update Notification
FEDORA-2014-4603
2014-04-02 07:52:17
——————————————————————————–
Name : php-ZendFramework
Product : Fedora 19
Version : 1.12.5
Release : 1.fc19
URL : http://framework.zend.com/
Summary : Leading open-source PHP framework
Description :
Extending the art & spirit of PHP, Zend Framework is based on simplicity,
object-oriented best practices, corporate friendly licensing, and a rigorously
tested agile code base. Zend Framework is focused on building more secure,
reliable, and modern Web 2.0 applications & web services, and consuming widely
available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as
well as API providers and catalogers like StrikeIron and ProgrammableWeb.
——————————————————————————–
Update Information:
update to 1.12.5
fixes http://framework.zend.com/security/advisory/ZF2014-01
fixes http://framework.zend.com/security/advisory/ZF2014-02
removed: InfoCards, Services/Nirvanix
——————————————————————————–
ChangeLog:
* Thu Mar 27 2014 Felix Kaechele <felix@fetzig.org> – 1.12.5-1
– update to 1.12.5
– fixes http://framework.zend.com/security/advisory/ZF2014-01
– fixes http://framework.zend.com/security/advisory/ZF2014-02
– removed: InfoCards, Services/Nirvanix
* Sun Dec 22 2013 Felix Kaechele <felix@fetzig.org> – 1.12.3-3
– remove direct dependency on PHP
– See http://fedoraproject.org/wiki/Packaging:PHP#Apache_requirement
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.12.3-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
——————————————————————————–
References:
[ 1 ] Bug #1081287 – CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 php-ZendFramework: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws fixed in 1.12.4, 2.1.6, and 2.2.6 (ZF2014-01)
https://bugzilla.redhat.com/show_bug.cgi?id=1081287
[ 2 ] Bug #1081288 – CVE-2014-2684 CVE-2014-2685 php-ZendFramework: OpenID identity provider could be used to spoof other identity providers (ZF2014-02)
https://bugzilla.redhat.com/show_bug.cgi?id=1081288
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-4651
2014-04-02 07:54:26
——————————————————————————–
Name : php-ZendFramework
Product : Fedora 20
Version : 1.12.5
Release : 1.fc20
URL : http://framework.zend.com/
Summary : Leading open-source PHP framework
Description :
Extending the art & spirit of PHP, Zend Framework is based on simplicity,
object-oriented best practices, corporate friendly licensing, and a rigorously
tested agile code base. Zend Framework is focused on building more secure,
reliable, and modern Web 2.0 applications & web services, and consuming widely
available APIs from leading vendors like Google, Amazon, Yahoo!, Flickr, as
well as API providers and catalogers like StrikeIron and ProgrammableWeb.
——————————————————————————–
Update Information:
update to 1.12.5
fixes http://framework.zend.com/security/advisory/ZF2014-01
fixes http://framework.zend.com/security/advisory/ZF2014-02
removed: InfoCards, Services/Nirvanix
——————————————————————————–
ChangeLog:
* Thu Mar 27 2014 Felix Kaechele <felix@fetzig.org> – 1.12.5-1
– update to 1.12.5
– fixes http://framework.zend.com/security/advisory/ZF2014-01
– fixes http://framework.zend.com/security/advisory/ZF2014-02
– removed: InfoCards, Services/Nirvanix
* Sun Dec 22 2013 Felix Kaechele <felix@fetzig.org> – 1.12.3-3
– remove direct dependency on PHP
– See http://fedoraproject.org/wiki/Packaging:PHP#Apache_requirement
——————————————————————————–
References:
[ 1 ] Bug #1081287 – CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 php-ZendFramework: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws fixed in 1.12.4, 2.1.6, and 2.2.6 (ZF2014-01)
https://bugzilla.redhat.com/show_bug.cgi?id=1081287
[ 2 ] Bug #1081288 – CVE-2014-2684 CVE-2014-2685 php-ZendFramework: OpenID identity provider could be used to spoof other identity providers (ZF2014-02)
https://bugzilla.redhat.com/show_bug.cgi?id=1081288
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-4636
2014-04-02 07:53:50
——————————————————————————–
Name : php-ZendFramework2
Product : Fedora 19
Version : 2.2.6
Release : 1.fc19
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.
Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.
Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.
——————————————————————————–
Update Information:
Upstream release notes:
https://github.com/zendframework/zf2/releases/tag/release-2.2.6
——————————————————————————–
References:
[ 1 ] Bug #1081287 – CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 php-ZendFramework: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws fixed in 1.12.4, 2.1.6, and 2.2.6 (ZF2014-01)
https://bugzilla.redhat.com/show_bug.cgi?id=1081287
[ 2 ] Bug #1081288 – CVE-2014-2684 CVE-2014-2685 php-ZendFramework: OpenID identity provider could be used to spoof other identity providers (ZF2014-02)
https://bugzilla.redhat.com/show_bug.cgi?id=1081288
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
——————————————————————————–
Fedora Update Notification
FEDORA-2014-4612
2014-04-02 07:52:39
——————————————————————————–
Name : php-ZendFramework2
Product : Fedora 20
Version : 2.2.6
Release : 1.fc20
URL : http://framework.zend.com
Summary : Zend Framework 2
Description :
Zend Framework 2 is an open source framework for developing web applications
and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code
and utilizes most of the new features of PHP 5.3, namely namespaces, late
static binding, lambda functions and closures.
Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework
with over 15 million downloads.
Note: This meta package installs all base Zend Framework component packages
(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,
Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,
InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,
Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,
Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,
Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and
Cache-memcached packages.
——————————————————————————–
Update Information:
Upstream release notes:
https://github.com/zendframework/zf2/releases/tag/release-2.2.6
——————————————————————————–
ChangeLog:
* Tue Apr 1 2014 Remi Collet <remi@fedoraproject.org> 2.2.6-1
– Updated to 2.2.6 for CVE-2014-2681 CVE-2014-2682
CVE-2014-2683 CVE-2014-2684 CVE-2014-2685
– new package ZendXml
– fix for unversioned doc directory
——————————————————————————–
References:
[ 1 ] Bug #1081287 – CVE-2014-2681 CVE-2014-2682 CVE-2014-2683 php-ZendFramework: XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws fixed in 1.12.4, 2.1.6, and 2.2.6 (ZF2014-01)
https://bugzilla.redhat.com/show_bug.cgi?id=1081287
[ 2 ] Bug #1081288 – CVE-2014-2684 CVE-2014-2685 php-ZendFramework: OpenID identity provider could be used to spoof other identity providers (ZF2014-02)
https://bugzilla.redhat.com/show_bug.cgi?id=1081288
——————————————————————————–
This update can be installed with the “yum” update program. Use
su -c ‘yum update php-ZendFramework2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
7e