The 1.12.9, 2.2.8, and 2.3.3 releases of the Zend Framework fix an SQL injection issue when using the sqlsrv PHP extension. Full details are available in the upstream advisory. For the php-ZendFramework packages (not php-ZendFramework2) in Fedora 19 and 20, the fixed version is already in the testing repositories. References: http://framework.zend.com/security/advisory/ZF2014-06 http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html
Created php-ZendFramework2 tracking bugs for this issue: Affects: fedora-all [bug 1151278] Affects: epel-6 [bug 1151280] Affects: epel-7 [bug 1151281]
Created php-ZendFramework tracking bugs for this issue: Affects: epel-6 [bug 1151279]
CVE request: http://www.openwall.com/lists/oss-security/2014/10/10/2
php-ZendFramework2-2.3.3-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework-1.12.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework-1.12.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework2-2.3.3-2.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework-1.12.9-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework2-2.3.3-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework-1.12.9-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework2-2.2.8-2.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
php-ZendFramework2-2.2.8-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
All dependent bugs have been addressed and are closed. Can this bug be closed?
Thanks for the hint!