blob: 9adb86074d371fa81419febf897f5723ac785cec (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>Dawid Golunski discovered that when running under PHP-FPM in a threaded
environment, Zend Framework, a PHP framework, did not properly handle XML data
in multibyte encoding. This could be used by remote attackers to perform an XML
External Entity attack via crafted XML data.</p>
<p>For Debian 6 <q>Squeeze</q>, this issue has been fixed in zendframework
version 1.10.6-1squeeze5.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2015/dla-302.data"
# $Id$
|
