FEDORA-EPEL-2016-efb0141e9c

security update in Fedora EPEL 6 for php-ZendFramework

Status: stable 2 years ago

Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233

Comments 8

This update has been submitted for testing by heffer.

This update has been pushed to testing.

php-extras provided php-mssql in epel6 doesn't provide php-pdo_dblib causing this problem:

package: php-ZendFramework-Db-Adapter-Pdo-Mssql-1.12.20-1.el6.noarch

unresolved deps:

 php-pdo_dblib
karma: -1

Dependency issue should be fixed by php-extras-5.3.3-5.el6

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

FYI, I just push php-extras to stable, so ok to also push this one.

This update has been submitted for stable by heffer.

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1376342 CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [epel-all]
#1357554 CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [epel-all]
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests not running
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush
Enabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 2

00 #1376342 CVE-2016-4861 php-ZendFramework: ZendFramework: SQL injection vulnerability [epel-all]
00 #1357554 CVE-2016-6233 php-ZendFramework: ZendFramework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select [epel-all]

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.