Information on source package zendframework

Available versions

ReleaseVersion
wheezy1.11.13-1.1+deb7u6
wheezy (security)1.11.13-1.1+deb7u5
jessie1.12.9+dfsg-2+deb8u6
jessie (security)1.12.9+dfsg-2+deb8u4
sid1.12.20+dfsg-1

Open issues

BugwheezyjessiesidDescription
CVE-2016-4861fixedvulnerablefixedThe (1) order and (2) group methods in Zend_Db_Select in the Zend ...

Resolved issues

BugDescription
TEMP-0000000-BD69C5ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word
TEMP-0000000-BD20F7ZF2010-07
TEMP-0000000-BB4B08zend framework multiple issues
TEMP-0000000-29F04AZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
CVE-2016-6233The (1) order and (2) group methods in Zend_Db_Select in the Zend ...
CVE-2016-10034The setFrom function in the Sendmail adapter in the zend-mail ...
CVE-2015-7695The PDO adapters in Zend Framework before 1.12.16 do not filer null ...
CVE-2015-5723Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before ...
CVE-2015-5161The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...
CVE-2015-3154Potential CRLF injection attacks in mail and HTTP headers
CVE-2015-1786Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf ...
CVE-2015-1555Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, ...
CVE-2015-0270Potential SQL injection in PostgreSQL Zend\Db adapter
CVE-2014-8089ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte
CVE-2014-8088The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap ...
CVE-2014-4914ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select
CVE-2014-4913ZF2014-03: Potential XSS vector in multiple view helpers
CVE-2014-2685The GenericConsumer class in the Consumer component in ZendOpenId ...
CVE-2014-2684The GenericConsumer class in the Consumer component in ZendOpenId ...
CVE-2014-2683Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...
CVE-2014-2682Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...
CVE-2014-2681Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...
CVE-2012-6532(1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in ...
CVE-2012-6531(1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x ...
CVE-2012-5657The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in ...
CVE-2012-4451php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03
CVE-2012-3363Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before ...
CVE-2011-1939

Security announcements

DSA / DLADescription
DLA-646-1zendframework - security update
DLA-326-1zendframework - security update
DSA-3369-1zendframework - security update
DSA-3369-1zendframework - security update
DLA-302-1zendframework - security update
DSA-3340-1zendframework - security update
DSA-3340-1zendframework - security update
DLA-251-2zendframework - regression update
DLA-251-1zendframework - security update
DSA-3265-2zendframework - regression update
DSA-3265-2zendframework - regression update
DSA-3265-1zendframework - security update
DSA-2602-1zendframework - XML external entity inclusion
DSA-2505-1zendframework - information disclosure

Search for package or bug name: Reporting problems