FEDORA-EPEL-2016-efb0141e9c

security update in Fedora EPEL 6 for php-ZendFramework

Status: stable 2 years ago

Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2016-efb0141e9c

Comments 8

This update has been submitted for testing by heffer.

This update has been pushed to testing.

php-extras provided php-mssql in epel6 doesn't provide php-pdo_dblib causing this problem:

package: php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.20-1.el6.noarch

unresolved deps:

 php-pdo_dblib

karma: -1

Dependency issue should be fixed by php-extras-5.3.3-5.el6

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

FYI, I just push php-extras to stable, so ok to also push this one.

This update has been submitted for stable by heffer.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 2

00 #1357554 CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [epel-all]
00 #1376342 CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [epel-all]

Automated Test Results