Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-Id: <20141010063340.53767C504E0@smtptsrv1.mitre.org>
Date: Fri, 10 Oct 2014 02:33:40 -0400 (EDT)
From: cve-assign@...re.org
To: mmcallis@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Zend Framework ZF2014-05 and ZF2014-06

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> http://framework.zend.com/security/advisory/ZF2014-05

Use CVE-2014-8088 (for the issue in both Zend Framework 1.x and
Zend Framework 2.x).


> http://framework.zend.com/security/advisory/ZF2014-06

Use CVE-2014-8089 (for the issue in both Zend Framework 1.x and
Zend Framework 2.x).


> (For the ZF2014-05 advisory, the discussion in
> http://www.openwall.com/lists/oss-security/2014/06/09/2 may be helpful
> if needed.)

Our understanding is that ZF2014-05 is not closely related to the
http://www.openwall.com/lists/oss-security/2014/06/09/2 topic. That
June post is about incorrect use of the "empty" PHP library function,
an implementation error that (as far as we know) occurred only in
Horde. ZF2014-05 is about \0 characters, an implementation error that
occurred in Zend Framework and also in, for example, MantisBT (see the
http://openwall.com/lists/oss-security/2014/09/12/14 post).

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUN3z9AAoJEKllVAevmvmsfhQIAMiuq6nl6+Xcr+o4xN3wL4Qi
fM9K5qyEAcIlrW8Q3F7Ec49wHkEsiCxD/cu3QRyyiY8R1kvm9rYt4paCyThSh+qU
2VRNnJdwMsZ8aXfJQVOE1fZvCmzay4vIlQdarTGhG7DhqEIaNehx+3QoueJEJ9qR
5AWEybnQdo5pTS9rqowTja2jy/9/QlAETk5Q7ASlcWGQx+JHVsNjtWn6N8rhb0eq
4iQfCDzijH2MfaeX/ydNl0CULmuWIzvYvsJ1kx3V3PH1fZZzF/PQLU1meDVqCg+z
p3xAP6+uwyOUZEdRQKsP+a0XkcTfd0sa5QaTkoGJIIjgUvywsR1bsC5/NUxa94Q=
=PYAP
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.