Package        : zendframework
Version        : 1.10.6-1squeeze6
CVE ID         : CVE-2015-7695

The PDO adapters of Zend Framework 1 did not filter null byte values in
SQL statements. A PDO adapter can treat null bytes in a query as a string
terminator, allowing an attacker to add arbitrary SQL following a null
byte, and thus create a SQL injection.

For Debian 6 Squeeze, this issue has been fixed in zendframework version
1.10.6-1squeeze6.

Regards,

--
Chris Lamb
la...@debian.org / chris-lamb.co.uk
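A defensive filter of the kind the advisory says was missing, as an added example that is not Zend Framework's code or its patch: reject NUL bytes in every value before it reaches the database layer, then pass the value as a bound parameter. `rejectNullBytes()` and `findUser()` are hypothetical names, the in-memory SQLite table is constructed for the demonstration, and the `pdo_sqlite` extension is assumed to be installed.

```php
<?php
// Added example, not Zend Framework code. rejectNullBytes() and
// findUser() are hypothetical names; the table and rows are constructed.

/**
 * Throw if $value, or any element of a nested array, contains a NUL byte.
 * $path names the offending element so the rejection can be logged.
 */
function rejectNullBytes($value, $path = 'param')
{
    if (is_array($value)) {
        foreach ($value as $key => $item) {
            rejectNullBytes($item, $path . '[' . $key . ']');
        }
        return;
    }
    if (is_string($value) && strpos($value, "\0") !== false) {
        throw new InvalidArgumentException('NUL byte in ' . $path);
    }
}

/**
 * Look up a user after the NUL check has passed. The value is bound as a
 * parameter; SQLite prepares natively, so it is never spliced into the
 * SQL text.
 */
function findUser(PDO $db, $name)
{
    rejectNullBytes($name, 'name');
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// One clean value and one constructed value carrying an embedded NUL.
foreach (array('alice', "alice\0trailing") as $input) {
    try {
        $rows = findUser($db, $input);
        echo count($rows), ' row(s) for ', json_encode($input), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```

Rejecting the value outright, rather than silently stripping the byte, leaves a log entry that can be reviewed, since a NUL byte is rarely legitimate in text fields.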