Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian@packages.debian.org
Usertags: pu
Hi,
As agreed with the security team, Iâd like to fix another potential
entropy vulnerability has been fixed in zendframework.
The fix also gets rid of openssl_random_pseudo_bytes() introduced in the
previous ZF2015-09 fix, and I also added a regression fix from the
CVE-2015-7695 (ZF2015-08) patch (this one was introduced in DSA-3369-1).
Please find attached the proposed debdiff for Jessie (a similar request
for Wheezy follows), the changelog entry is:
zendframework (1.12.9+dfsg-2+deb8u6) jessie; urgency=medium
* Fix regression from ZF2015-08: binary data corruption
* Backport security fix from 1.12.18:
- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
http://framework.zend.com/security/advisory/ZF2016-01
Regards
David
diff -Nru zendframework-1.12.9+dfsg/debian/changelog zendframework-1.12.9+dfsg/debian/changelog
--- zendframework-1.12.9+dfsg/debian/changelog 2015-11-24 18:25:30.0 -0400
+++ zendframework-1.12.9+dfsg/debian/changelog 2016-04-13 17:12:29.0 -0400
@@ -1,6 +1,15 @@
+zendframework (1.12.9+dfsg-2+deb8u6) jessie; urgency=medium
+
+ * Fix regression from ZF2015-08: binary data corruption
+ * Backport security fix from 1.12.18:
+- ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1
+ http://framework.zend.com/security/advisory/ZF2016-01
+
+ -- David Prévot Wed, 13 Apr 2016 16:37:00 -0400
+
zendframework (1.12.9+dfsg-2+deb8u5) jessie; urgency=medium
- * Backport security fix from 1.12.17
+ * Backport security fix from 1.12.17:
- ZF2015-09: Fixed entropy issue in word CAPTCHA
http://framework.zend.com/security/advisory/ZF2015-09
diff -Nru zendframework-1.12.9+dfsg/debian/patches/0007-ZF2015-08-Fix-null-byte-injection-for-PDO-MsSql.patch zendframework-1.12.9+dfsg/debian/patches/0007-ZF2015-08-Fix-null-byte-injection-for-PDO-MsSql.patch
--- zendframework-1.12.9+dfsg/debian/patches/0007-ZF2015-08-Fix-null-byte-injection-for-PDO-MsSql.patch 2015-11-24 18:18:19.0 -0400
+++ zendframework-1.12.9+dfsg/debian/patches/0007-ZF2015-08-Fix-null-byte-injection-for-PDO-MsSql.patch 2016-04-13 17:12:29.0 -0400
@@ -5,37 +5,31 @@
This addresses the same issue as found in ZF2014-06, but within the PDO MsSql
adapter. Additionally, it fixes transaction tests for that adapter.
-Origin: upstream, https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
+Origin: upstream, https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2 https://github.com/zendframework/zf1/commit/70d8aba8c525190e906c663dfdc55355f6e74416
---
- library/Zend/Db/Adapter/Pdo/Abstract.php | 3 +-
- library/Zend/Db/Adapter/Pdo/Mssql.php| 2 +-
- tests/TestConfiguration.php.dist | 5 ++--
- tests/Zend/Db/Adapter/Pdo/MssqlTest.php | 47 +++-
- tests/Zend/Db/Adapter/Pdo/TestCommon.php | 10 +++
- tests/Zend/Db/Adapter/TestCommon.php | 5 ++--
+ library/Zend/Db/Adapter/Pdo/Abstract.php | 1 -
+ library/Zend/Db/Adapter/Pdo/Mssql.php| 17 +-
+ library/Zend/Db/Adapter/Pdo/Sqlite.php | 14
+ tests/TestConfiguration.php.dist | 5 +--
+ tests/Zend/Db/Adapter/Pdo/MssqlTest.php | 58
+ tests/Zend/Db/Adapter/Pdo/MysqlTest.php | 13 +--
+ tests/Zend/Db/Adapter/Pdo/SqliteTest.php | 11 ++
+ tests/Zend/Db/Adapter/Pdo/TestCommon.php | 10 ++
+ tests/Zend/Db/Adapter/TestCommon.php | 5 ++-
tests/Zend/Db/TestUtil/Pdo/Mssql.php | 4 ++-
- 7 files changed, 31 insertions(+), 45 deletions(-)
+ 10 files changed, 91 insertions(+), 47 deletions(-)
diff --git a/library/Zend/Db/Adapter/Pdo/Abstract.php b/library/Zend/Db/Adapter/Pdo/Abstract.php
-index 84a76f3..7699d7a 100644
+index 84a76f3..e12b602 100644
--- a/library/Zend/Db/Adapter/Pdo/Abstract.php
+++ b/library/Zend/Db/Adapter/Pdo/Abstract.php
-@@ -292,6 +292,8 @@ abstract class Zend_Db_Adapter_Pdo_Abstract extends Zend_Db_Adapter_Abstract
- if (is_int($value) || is_float($value)) {
- return $value;
- }
-+// Fix for null-byte injection
-+$value = addcslashes($value, "\000\032");
- $this->_connect();
- return $this->_connection->quote($value);
- }
-@@ -398,4 +400,3 @@ abstract class Zend_Db_Adapter_Pdo_Abstract extends Zend_Db_Adapter_Abstract
+@@ -398,4 +398,3 @@ abstract class Zend_Db_Adapter_Pdo_Abstract extends Zend_Db_Adapter_Abstract
}
}
}
-
diff --git a/library/Zend/Db/Adapter/Pdo/Mssql.php b/library/Zend/Db/Adapter/Pdo/Mssql.php
-index e3d8c7a..8a8d306 100644
+index e3d8c7a..6081887 100644
--- a/library/Zend/Db/Adapter/Pdo/Mssql.php
+++ b/library/Zend/Db/Adapter/Pdo/Mssql.php
@@ -410,7 +410,7 @@ class Zend_Db_Adapter_Pdo_Mssql extends Zend_Db_Adapter_Pdo_Abstract
@@ -47,6 +41,49 @@
$result