Package: release.debian.org
Severity: normal
Tags: wheezy
User: release.debian@packages.debian.org
Usertags: pu
Hi,
As per #806165 (Jessie pu request), this update backports the fix for a security issue in zendframework: the word CAPTCHA drew its letters with array_rand(), which is not a cryptographically secure randomness source, so the generated challenges had less entropy than intended:
* Backport security fix from 1.12.17:
- ZF2015-09: Fixed entropy issue in word CAPTCHA
http://framework.zend.com/security/advisory/ZF2015-09
Thanks in advance for considering.
Regards
David
diff --git a/debian/changelog b/debian/changelog
index 5e5e8cf..4b3947c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+zendframework (1.11.13-1.1+deb7u5) wheezy; urgency=medium
+
+ * Backport security fix from 1.12.17
+- ZF2015-09: Fixed entropy issue in word CAPTCHA
+ http://framework.zend.com/security/advisory/ZF2015-09
+
+ -- David Prévot Tue, 24 Nov 2015 18:28:53 -0400
+
zendframework (1.11.13-1.1+deb7u4) wheezy-security; urgency=high
* Backport security fixes from 1.12.16
diff --git a/debian/patches/0015-ZF2015-09-Fixed-entropy-issue-in-word-CAPTCHA.patch b/debian/patches/0015-ZF2015-09-Fixed-entropy-issue-in-word-CAPTCHA.patch
new file mode 100644
index 000..718f86e
--- /dev/null
+++ b/debian/patches/0015-ZF2015-09-Fixed-entropy-issue-in-word-CAPTCHA.patch
@@ -0,0 +1,337 @@
+From: Enrico Zimuel
+Date: Mon, 9 Nov 2015 17:26:45 +0100
+Subject: ZF2015-09: Fixed entropy issue in word CAPTCHA
+
+This patch fixes a potential entropy fixation vector with `Zend_Captcha_Word`.
+Prior to the fix, when selecting letters for the CAPTCHA, `array_rand()` was
+used, which does not use sufficient entropy during randomization. The patch
+backports randomization routines from ZF2 in order to provide a more
+cryptographically secure RNG.
+
+Origin: upstream, https://github.com/zendframework/zf1/commit/4a41392f89bf510a8ab801eacb117fe7ea25b575
+---
+ library/Zend/Captcha/Word.php | 29 +++-
+ library/Zend/Crypt/Math.php | 100 +++---
+ tests/Zend/Crypt/MathTest.php | 72 +-
+ 3 files changed, 182 insertions(+), 19 deletions(-)
+
+diff --git a/library/Zend/Captcha/Word.php b/library/Zend/Captcha/Word.php
+index 310cd2e..e0ddfe0 100644
+--- a/library/Zend/Captcha/Word.php
b/library/Zend/Captcha/Word.php
+@@ -22,6 +22,9 @@
+ /** @see Zend_Captcha_Base */
+ require_once 'Zend/Captcha/Base.php';
+
++/** @see Zend_Crypt_Math */
++require_once 'Zend/Crypt/Math.php';
++
+ /**
+ * Word-based captcha adapter
+ *
+@@ -39,10 +42,10 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ /**#@+
+ * @var array Character sets
+ */
+-static $V = array("a", "e", "i", "o", "u", "y");
+-static $VN = array("a", "e", "i", "o", "u", "y","2","3","4","5","6","7","8","9");
+-static $C = array("b","c","d","f","g","h","j","k","m","n","p","q","r","s","t","u","v","w","x","z");
+-static $CN = array("b","c","d","f","g","h","j","k","m","n","p","q","r","s","t","u","v","w","x","z","2","3","4","5","6","7","8","9");
++static public $V = array("a", "e", "i", "o", "u", "y");
++static public $VN = array("a", "e", "i", "o", "u", "y","2","3","4","5","6","7","8","9");
++static public $C = array("b","c","d","f","g","h","j","k","m","n","p","q","r","s","t","u","v","w","x","z");
++static public $CN = array("b","c","d","f","g","h","j","k","m","n","p","q","r","s","t","u","v","w","x","z","2","3","4","5","6","7","8","9");
+ /**#@-*/
+
+ /**
+@@ -175,7 +178,7 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ *
+ * @return string
+ */
+-public function getId ()
++public function getId()
+ {
+ if (null === $this->_id) {
+ $this->_setId($this->_generateRandomId());
+@@ -189,7 +192,7 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ * @param string $id
+ * return Zend_Captcha_Word
+ */
+-protected function _setId ($id)
++protected function _setId($id)
+ {
+ $this->_id = $id;
+ return $this;
+@@ -250,7 +253,7 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ $this->_useNumbers = $_useNumbers;
+ return $this;
+ }
+-
++
+ /**
+ * Get session object
+ *
+@@ -280,7 +283,7 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ public function setSession(Zend_Session_Namespace $session)
+ {
+ $this->_session = $session;
+-if($session) {
++if ($session) {
+ $this->_keepSession = true;
+ }
+ return $this;
+@@ -326,10 +329,12 @@ abstract class Zend_Captcha_Word extends Zend_Captcha_Base
+ $vowels = $this->_useNumbers ? self::$VN : self::$V;
+ $consonants = $this->_useNumbers ? self::$CN : self::$C;
+
++$totIndexCon = count($consonants) - 1;
++$totIndexVow = count($vowels) - 1;
+ for ($i=0; $i < $wordLen; $i = $i + 2) {
+ // generate word with mix of