FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Zend Framework -- security issues in bundled Dojo library

Affected packages
ZendFramework < 1.10.3

Details

VuXML ID 8ad1c404-3e78-11df-a5a1-0050568452ac
Discovery 2010-04-01
Entry 2010-04-06

The Zend Framework team reports:

Several files in the bundled Dojo library were identified as having potential exploits, and the Dojo team also advised disabling or removing any PHP scripts in the Dojo library tree when deploying to production.

References

URL http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
URL http://framework.zend.com/security/advisory/ZF2010-07
URL http://osdir.com/ml/bugtraq.security/2010-03/msg00133.html
URL http://packetstormsecurity.org/1003-exploits/dojo-xss.txt
URL http://secunia.com/advisories/38964
URL http://www.gdssecurity.com/l/b/2010/03/12/multiple-dom-based-xss-in-dojo-toolkit-sdk/