Security Advisory ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite) Full Text: http://framework.zend.com/security/advisory/ZF2015-08
Also relevant: http://www.openwall.com/lists/oss-security/2015/09/30/6
A commit references this bug: Author: wg Date: Tue Oct 6 15:02:39 UTC 2015 New revision: 398701 URL: https://svnweb.freebsd.org/changeset/ports/398701 Log: security/vuxml: Document Zend Framework 1 vulnerability PR: 203462 Security: d3324fdb-6bf0-11e5-bc5e-00505699053e Security: CVE-2014-8089 Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: wg Date: Tue Oct 6 15:03:35 UTC 2015 New revision: 398702 URL: https://svnweb.freebsd.org/changeset/ports/398702 Log: www/zend-framework1: update to 1.12.16 PR: 203462 Security: d3324fdb-6bf0-11e5-bc5e-00505699053e Changes: head/www/zend-framework1/Makefile head/www/zend-framework1/distinfo head/www/zend-framework1/pkg-plist
Add merge-quarterly? Can you ask to MFH this as it was a security update?
A commit references this bug: Author: junovitch Date: Mon Oct 12 14:19:26 UTC 2015 New revision: 399132 URL: https://svnweb.freebsd.org/changeset/ports/399132 Log: Add CVE assignment to r398701 Zend Framework 1 entry PR: 203462 Security: CVE-2015-7695 Security: https://vuxml.FreeBSD.org/freebsd/d3324fdb-6bf0-11e5-bc5e-00505699053e.html Changes: head/security/vuxml/vuln.xml
Ping. Is there a documented reason this hasn't been MFH'd yet? Portsmon is showing this as building all green across the board. http://portsmon.freebsd.org/portoverview.py?category=www&portname=zend-framework1
Any update on merge-quarterly?
Any update?
Close PR with regards to merge-quarterly? as it's 2016 now. Let set as is as there was no feedback there but mark the PR closed/fixed as the main commits in head were all done.