Date: Wed, 30 Sep 2015 12:55:45 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: zendframework SQL injections

Hello,

the Zendframework project released the following advisory:

> ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
http://framework.zend.com/security/advisory/ZF2015-08

The patch for the MS SQL backend seems to be:
https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2

but I couldn't find the fix for the mentioned SQLite backend.

This is somewhat related to CVE-2014-8089, which was about a similar issue in the sqlsrv backend.

Can CVE(s) be assigned for these issues?

Thanks

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)