--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2016-42cb1b4ac8
2016-06-29 11:12:49.632530
--------------------------------------------------------------------------------
Name : php-zendframework-zendxml
Product : Fedora EPEL 6
Version : 1.0.2
Release : 2.el6
URL :
http://framework.zend.com/
Summary : Zend Framework ZendXml component
Description :
An utility component for XML usage and best practices in PHP.
--------------------------------------------------------------------------------
Update Information:
## 2.2.10 (2015-02-18) ### SECURITY UPDATES - **ZF2015-02:**
`Zend\Db\Adapter\Platform\Postgresql` was incorrectly using `\\` to escape
double quotes in identifiers and values, which could lead to SQL injection
vectors. We have provided patches that use proper escaping. If you use
Postgresql with Zend Framework 2, we recommend upgrading immediately. ## 2.2.9
(2015-01-14) ### SECURITY UPDATES - **ZF2015-01:** Session validators were not
run if set before session start. Essentially, the validators were writing to
the `$_SESSION` superglobal before session start, which meant the data was
overwritten once the session began. This meant on subsequent calls, the
validators had no data to compare against, making the sessions automatically
valid. We have provided patches to ensure that validators are run only after
the session has begun, which will ensure they validate sessions correctly
going forward. If you use `Zend\Session` validators, we recommend upgrading
immediately.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1343989 - [epel6][security] php-ZendFramework2-2.2.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1343989
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update php-zendframework-zendxml' at the command line.
For more information, refer to "Managing Software with yum",
available at
https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------