[Secure-testing-team] Bug#780424: Embedded ZendDb component affected by several security issues

David Prévot taffit at debian.org
Fri Mar 13 17:13:24 UTC 2015


Package: galette
Version: 0.8+dfsg-1
Severity: serious
Tags: security upstream

Hi,

The galette package ships an embedded copy of ZendDb, but AFAICT, the
version shipped (2.3.1) is affected by several security issues:
CVE-2014-8089 and CVE-2015-0270 (aka ZF2014-06 and ZF2015-02).

Shipping an embedded copy instead of packaging it has a cost…

https://anonscm.debian.org/cgit/collab-maint/galette.git/commit/?id=2e33ef76c470a0e7a9727ba4c281a7e3525e6720

FWIW, I’m willing to introduce the php-zend-db package (#780422) as soon
as upstream fixes its build system.

https://github.com/zendframework/zf2/issues/7243

Regards

David