
[SECURITY] [DLA 326-1] zendframework security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : zendframework
Version        : 1.10.6-1squeeze6
CVE ID         : CVE-2015-7695

The PDO adapters of Zend Framework 1 did not filter null bytes from values
in SQL statements. A PDO adapter can treat a null byte in a query as a
string terminator, allowing an attacker to add arbitrary SQL following the
null byte, and thus create a SQL injection.

For Debian 6 Squeeze, this issue has been fixed in zendframework
version 1.10.6-1squeeze6.


Regards,

- --
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----
Version: Mailvelope v1.2.0
Comment: https://www.mailvelope.com
-----END PGP SIGNATURE-----
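
An application-side guard for the issue described in the advisory, as an added example that is not part of the advisory and is not Zend Framework's own code: it rejects NUL bytes in values and passes them as bound parameters instead of building them into the SQL string. The function names, the `users` table and the sample inputs are constructed for illustration, and the code assumes the `pdo_sqlite` extension is available.

```php
<?php
// Added example; assertNoNullBytes() and findUser() are hypothetical helpers.

/** Reject any string value that contains a NUL byte before it reaches the DB layer. */
function assertNoNullBytes(array $params): void
{
    foreach ($params as $name => $value) {
        if (is_string($value) && strpos($value, "\0") !== false) {
            throw new InvalidArgumentException("NUL byte in parameter '$name'");
        }
    }
}

/** Look up a user with a bound parameter; the value is never spliced into the SQL text. */
function findUser(PDO $db, string $name): array
{
    assertNoNullBytes(['name' => $name]);
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice')");
$db->exec("INSERT INTO users (name) VALUES ('bob')");

// Constructed inputs: one ordinary value, one carrying an embedded NUL byte.
$inputs = ['alice', "alice\0 trailing text"];

foreach ($inputs as $input) {
    // json_encode() renders the NUL byte visibly (\u0000) so it is safe to log.
    $shown = json_encode($input);
    try {
        $rows = findUser($db, $input);
        printf("%s => %d row(s)\n", $shown, count($rows));
    } catch (InvalidArgumentException $e) {
        printf("%s => rejected: %s\n", $shown, $e->getMessage());
    }
}
```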

