Good morning,
The 1.12.9, 2.2.8, and 2.3.3 releases of the Zend Framework fix two issues:
http://framework.zend.com/blog/zend-framework-1-12-9-2-2-8-and-2-3-3-released.html
http://framework.zend.com/security/advisory/ZF2014-05
http://framework.zend.com/security/advisory/ZF2014-06
Could CVEs please be assigned?
(For the ZF2014-05 advisory, the discussion in http://www.openwall.com/lists/oss-security/2014/06/09/2 may be helpful if needed.)
Thanks,
--
Murray McAllister / Red Hat Product Security