Ubuntu
zend-framework package

Branches for Intrepid

Name		Status	Last Modified	Last Commit
lp:ubuntu/intrepid/zend-framework		2 Mature	2009-08-04 16:40:16 UTC 2009-08-04	8. * debian/patches/ubuntu_01_fix_mail.d... Author: Stephan Rügamer Revision Date: 2008-08-18 15:26:22 UTC * debian/patches/ubuntu_01_fix_mail.diff: + Fixes upstream bugs: - ZF-3912 - ZF-3641 - ZF-3865 * debian/control: + added quilt to b-d * debian/rules: + added quilt targets to patch source
lp:ubuntu/intrepid-security/zend-framework		2 Mature	2009-08-04 16:42:14 UTC 2009-08-04	9. * SECURITY UPDATE: (LP: #345682) An... Author: Stephan Rügamer Revision Date: 2009-05-14 12:31:49 UTC * SECURITY UPDATE: (LP: #345682) Announcement: http://www.nabble.com/SECURITY-ADVISORY-tp22609193p22609193.html From Zend PHP FW Mailing List: The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class. Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose which tags and specific attributes of those tags to keep. The XSS attack vector was due to a bug in matching HTML tag attributes to retain. If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters, the attribute would always be included in the final output- even if it was not marked to retain. A security fix has been created and released with Zend Framework 1.7.7. Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches. * debian/patches/zf_Zend_Filter_security_fix.patch: Fixes security issue according to http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php
lp:ubuntu/intrepid-updates/zend-framework		2 Mature	2009-08-04 16:40:40 UTC 2009-08-04	9. * SECURITY UPDATE: (LP: #345682) An... Author: Stephan Rügamer Revision Date: 2009-05-14 12:31:49 UTC * SECURITY UPDATE: (LP: #345682) Announcement: http://www.nabble.com/SECURITY-ADVISORY-tp22609193p22609193.html From Zend PHP FW Mailing List: The Zend Framework team was recently notified of an XSS attack vector in its Zend_Filter_StripTags class. Zend_Filter_StripTags offers the ability to strip HTML tags from text, but also to selectively choose which tags and specific attributes of those tags to keep. The XSS attack vector was due to a bug in matching HTML tag attributes to retain. If whitespace was introduced surrounding the attribute assignment operator or the value included newline characters, the attribute would always be included in the final output- even if it was not marked to retain. A security fix has been created and released with Zend Framework 1.7.7. Additionally, the fix has been back-ported to the 1.6, 1.5, and 1.0 release branches. * debian/patches/zf_Zend_Filter_security_fix.patch: Fixes security issue according to http://framework.zend.com/svn/framework/standard/branches/release-1.7/library/Zend/Filter/StripTags.php