Univention Bugzilla – Bug 47531
zendframework: Multiple issues (4.2)
Last modified: 2018-08-15 16:20:11 CEST
New Debian zendframework 1.12.9+dfsg-2+deb8u7 fixes:

This update addresses the following issue(s):
* The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. (CVE-2016-4861)

1.12.9+dfsg-2+deb8u7 (Thu, 28 Jun 2018 19:37:00 +0200)
* Non-maintainer upload by the LTS Team.
* CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.
--- mirror/ftp/4.2/unmaintained/4.2-0/source/zendframework_1.12.9+dfsg-2+deb8u6.dsc +++ apt/ucs_4.2-0-errata4.2-4/source/zendframework_1.12.9+dfsg-2+deb8u7.dsc @@ -1,3 +1,11 @@ +1.12.9+dfsg-2+deb8u7 [Thu, 28 Jun 2018 19:37:00 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2016-4861 + Allowing remote attackers to conduct SQL injection attacks by + leveraging failure to remove comments from an SQL statement + before validation. + 1.12.9+dfsg-2+deb8u6 [Wed, 13 Apr 2016 16:37:00 -0400] David Prévot <taffit@debian.org>: * Fix regression from ZF2015-08: binary data corruption <http://10.200.17.11/4.2-4/#30609505992070978>
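Review bot: The CVE-2016-4861 item in the added 1.12.9+dfsg-2+deb8u7 changelog entry states the vulnerability ("Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation.") instead of the change made, so read literally it says the upload allows the attack. Suggest wording it as the fix, for example "Fix CVE-2016-4861: remove comments from an SQL statement before validation", and naming the affected code (the order and group methods in Zend_Db_Select, as given in the errata text) so the entry can be checked against the source changes. Only the changelog text is visible in this diff, so the code change itself cannot be reviewed from these lines.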
OK: yaml
OK: errata-announce
OK: patch
OK: piuparts

[4.2-4] 3999994510 Bug #47531: zendframework 1.12.9+dfsg-2+deb8u7
 doc/errata/staging/zendframework.yaml | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

[4.2-4] 96b99eed0f Bug #47531: zendframework 1.12.9+dfsg-2+deb8u7
 doc/errata/staging/zendframework.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
<http://errata.software-univention.de/ucs/4.2/490.html>