oss-sec mailing list archives
Re: CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select
From: cve-assign () mitre org
Date: Sat, 16 Jul 2016 10:30:58 -0400 (EDT)
The Zend Framework project released security advisory ZF2016-02 to address a potential SQL injection in ORDER and GROUP statements of Zend_Db_Select.
https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
https://framework.zend.com/security/advisory/ZF2016-02
This security fix can be considered as an improvement of the previous ZF2014-04.
Use CVE-2016-6233. This vulnerability exists because of an incomplete fix for CVE-2014-4914. (The CVE ID assignment for ZF2014-04 was in the http://www.openwall.com/lists/oss-security/2014/07/11/4 post.)

--
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select Salvatore Bonaccorso (Jul 15)
- Re: CVE Request: Zend Framework: Potential SQL injection in ORDER and GROUP statements of Zend_Db_Select cve-assign (Jul 16)