Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4FEAB24C.8040103@redhat.com>
Date: Wed, 27 Jun 2012 01:12:12 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Nicolas Grégoire <nicolas.gregoire@...rri.fr>
Subject: Re: XXE in Zend

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/26/2012 06:12 AM, Nicolas Grégoire wrote:
> Hello,
> 
> this Zend XXE vulnerability was published without a CVE: 
> http://framework.zend.com/security/advisory/ZF2012-01
> 
> Regards, Nicolas
> 

Please use CVE-2012-3363 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP6rJMAAoJEBYNRVNeJnmTjT8P/0xt69iPnvQzTzBXqkIkrfK1
al1wlJLH5mXL9ajQ90uuGSrR3/8dzcwcE4/jmYn5f4yAt1dBSYFppSFQfBHl2XXb
f527RFzHtNr8corGRJW4doqbOqHnNADpvIh/uVBcVL8p4NONlnBhho9N9ymH/YF3
zF1Rg4DlbiIdSL60jd0Ws3aZp+kdX6vU6tVsWyyT2ML6M4YRJ1YDgp2iz/vd/US7
CKgAjdZ6Zs98CYCFTFjm+SsHCoSp5QkyZF7CIrrnRJzVRn5g9Bwdc85S7fwW3zuq
ahfuReWXEwUCP4QUm2GKUotclZrwQ78RjvVGNB5CHPYEMZcA8eDGIE79intoY1Vf
z652Ltx79N0wTFfV1hFh5/JM7EwKXPVHdHv+GCIP/9vGQioH7FEEByOmye1kzW4o
AeIM345Wo5H8D0/hHVggvkUvWrOSbo/zWIEF4/ji6+Fm3hqVEfWQJ0+QnvvP1RRR
7JQVGY4hw9vP6UMI26C+1T2Mo+S2iXzQL3Xj1SxUKcbwvq7ZnV0Bc3qbVTibgKku
TPNKiJDgpsER4GCe4+f8+LX37JctQJaG8KAnIMEwvwCSBIkkpH+F0SQczVF+paUx
vMaFiyu6mRyCsO7AjKFnJQf3e1NHCihCvqZpxg4AyQLBCgThjrL1RLAHaut6VUmH
XING7OYKU3X2rTm24AZU
=YFqh
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.