Package: galette
Version: 0.8+dfsg-1
Severity: serious
Tags: security upstream

Hi,

The galette package ships an embedded copy of ZendDb, but AFAICT, the version shipped (2.3.1) is affected by several security issues: CVE-2014-8089 and CVE-2015-0270 (aka ZF2014-06 and ZF2015-02).

Shipping an embedded copy instead of packaging it has a cost…

https://anonscm.debian.org/cgit/collab-maint/galette.git/commit/?id=2e33ef76c470a0e7a9727ba4c281a7e3525e6720

FWIW, I’m willing to introduce the php-zend-db package (#780422) as soon as upstream fixes its build system.

https://github.com/zendframework/zf2/issues/7243

Regards

David