Bug#754201: Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)

2014-07-08 Thread David Prévot
Package: zendframework
Version: 1.12.5-0.1
Severity: grave
Tags: security upstream patch
Affected versions: v1.12.0 up to v1.12.6 (Squeeze and Wheezy are not affected)
Upstream security issue: http://framework.zend.com/security/advisory/ZF2014-04
Upstream patch:

Bug#754201: Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)

2014-07-08 Thread Salvatore Bonaccorso
Hi David,
On Tue, Jul 08, 2014 at 12:32:11PM -0400, David Prévot wrote:
Package: zendframework
Version: 1.12.5-0.1
Severity: grave
Tags: security upstream patch
Affected versions: v1.12.0 up to v1.12.6 (Squeeze and Wheezy are not affected)
I have not looked in detail about the reason,

Bug#754201: Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)

2014-07-08 Thread David Prévot
Control: found -1 1.11.13-1.1
Hi Salvatore,
On Tue, Jul 08, 2014 at 12:32:11PM -0400, David Prévot wrote:
Package: zendframework
Version: 1.12.5-0.1
Affected versions: v1.12.0 up to v1.12.6 (Squeeze and Wheezy are not affected)
I have not looked in detail about the reason
Seems like I

Processed: Re: Bug#754201: Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)

2014-07-08 Thread Debian Bug Tracking System
Processing control commands:
found -1 1.11.13-1.1
Bug #754201 [zendframework] Potential SQL injection in the ORDER implementation of Zend_Db_Select (ZF2014-04)
Marked as found in versions zendframework/1.11.13-1.1.
--
754201: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754201
Debian Bug