FEDORA-EPEL-2016-efb0141e9c

security update in Fedora EPEL 6 for php-ZendFramework

Status: stable 2 years ago

Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233

Comments 8

This update has been submitted for testing by heffer.

This update has been pushed to testing.

php-extras provided php-mssql in epel6 doesn't provide php-pdo_dblib causing this problem:

package: php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.20-1.el6.noarch

unresolved deps:

 php-pdo_dblib
karma: -1

Dependency issue should be fixed by php-extras-5.3.3-5.el6

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

FYI, I just push php-extras to stable, so ok to also push this one.

This update has been submitted for stable by heffer.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1357554 CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [epel-all]
#1376342 CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [epel-all]
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 2

00 #1357554 CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [epel-all]
00 #1376342 CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [epel-all]

Automated Test Results