[Secure-testing-team] Bug#754201: Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)
David Prévot
taffit at debian.org
Tue Jul 8 16:32:11 UTC 2014
Package: zendframework
Version: 1.12.5-0.1
Severity: grave
Tags: security upstream patch
Affected versions: v1.12.0 up to v1.12.6 (Squeeze and Wheezy are not
affected)
Upstream security issue:
http://framework.zend.com/security/advisory/ZF2014-04
Upstream patch:
https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140708/cb591bb2/attachment.sig>
More information about the Secure-testing-team
mailing list