[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1403-1] zendframework security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : zendframework
Version        : 1.12.9+dfsg-2+deb8u7
CVE ID         : CVE-2016-4861


CVE-2016-4861
     Allowing remote attackers to conduct SQL injection attacks by
     leveraging failure to remove comments from an SQL statement
     before validation.


For Debian 8 "Jessie", these problems have been fixed in version
1.12.9+dfsg-2+deb8u7.

We recommend that you upgrade your zendframework packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJbNT98XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHRIkQALCea6vZjA9RBO906EA3uxvJ
J3kdB+wolEYaXEGD99zyEpWGDKko7Aj8j2YFIBK2tEcw/UOFqaXNDkAeyJfYGMKm
Z3o4TYboDtpEW4OUDAAZ5Stb4eKKZ+7FZ1CpKU0Pbd630TbI7EqUq8yagKpQq1uO
sQZJHdbEzAavgSmRicqpUMq2anOoDcVoD4l0HYAODZYJKzcj2GNpjnCGiA9VrlQf
WymPBE1ZVy9vuecI6zBsRAxGRX124Woa1V7GrRZnDavBbIwZ/mjoseardUxbhVGr
WImqdlQYz7Te+hXMDyDg1wHW4izNplNJo0ehCFDxbKk7uSsKbrOWxSiaRnaF84A+
ZOJDCC6vV/AXUJYRY+jkpc9hN192dYm0lqSvk16ljRoaNBwwMrggTT9dK8vmcnQU
J6iLG4FQiht3Qi6yD/BFT9LCCGbCcqR3t7fCfWJdO9p7XMMB4Vl1d/RagWsX/C0a
ERgXSPRlnjAkxPRapOtidIw98O0TW7+m45z15OAJTEp4Vdnkkl2crW7q/8ILMN5i
+zc2M291ZYbNGKCKDVI68Xc7/FZln+LFk+ggrUMJiuQPeKiyJlwrWfVMbAzoWuZY
nwlQrighMO3hrdHrPmmnMv01xZjE3+PG3e9tFUlDLmfjK+Hi6LVF6DqqiJ1tsk+G
BTyAC+pDX73lEuUKXcsd
=/jJ6
-----END PGP SIGNATURE-----


Reply to: