[Bug 506304] [NEW] Security Issues in Zend-Framework

Stephan Hermann sh at sourcecode.de
Tue Jan 12 09:07:48 UTC 2010


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: zend-framework

The following security issues were detected in Zend-Framework:

 * ZF2010-06: Potential XSS or HTML Injection vector in Zend_Json 
   http://framework.zend.com/security/advisory/ZF2010-06
 * ZF2010-05: Potential XSS vector in Zend_Service_ReCaptcha_MailHide 
   http://framework.zend.com/security/advisory/ZF2010-05
 * ZF2010-04: Potential MIME-type Injection in Zend_File_Transfer 
   http://framework.zend.com/security/advisory/ZF2010-04
 * ZF2010-03: Potential XSS vector in Zend_Filter_StripTags when comments allowed
   http://framework.zend.com/security/advisory/ZF2010-03
 * ZF2010-02: Potential XSS vector in Zend_Dojo_View_Helper_Editor
   http://framework.zend.com/security/advisory/ZF2010-02
 * ZF2010-01: Potential XSS vectors due to inconsistent encodings
   http://framework.zend.com/security/advisory/ZF2010-01

** Affects: zend-framework (Ubuntu)
     Importance: Undecided
     Assignee: Stephan Hermann (shermann)
         Status: Fix Released

** Affects: zend-framework (Ubuntu Lucid)
     Importance: Undecided
     Assignee: Stephan Hermann (shermann)
         Status: Fix Released

** Affects: zend-framework (Ubuntu Jaunty)
     Importance: Undecided
     Assignee: Stephan Hermann (shermann)
         Status: Confirmed

** Affects: zend-framework (Ubuntu Karmic)
     Importance: Undecided
     Assignee: Stephan Hermann (shermann)
         Status: Confirmed


** Tags: security zend-framework

** Visibility changed to: Public

** Changed in: zend-framework (Ubuntu)
       Status: New => Confirmed

** Changed in: zend-framework (Ubuntu)
     Assignee: (unassigned) => Stephan Hermann (shermann)

** Also affects: zend-framework (Ubuntu Jaunty)
   Importance: Undecided
       Status: New

** Also affects: zend-framework (Ubuntu Karmic)
   Importance: Undecided
       Status: New

** Also affects: zend-framework (Ubuntu Lucid)
   Importance: Undecided
     Assignee: Stephan Hermann (shermann)
       Status: Confirmed

** Changed in: zend-framework (Ubuntu Karmic)
       Status: New => Confirmed

** Changed in: zend-framework (Ubuntu Karmic)
     Assignee: (unassigned) => Stephan Hermann (shermann)

** Changed in: zend-framework (Ubuntu Jaunty)
       Status: New => Confirmed

** Changed in: zend-framework (Ubuntu Jaunty)
     Assignee: (unassigned) => Stephan Hermann (shermann)

-- 
Security Issues in Zend-Framework
https://bugs.launchpad.net/bugs/506304
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
