Date: Wed, 30 Sep 2015 12:55:45 +0200
From: Alessandro Ghedini <alessandro@...dini.me>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: CVE Request: zendframework SQL injections

Hello,

the Zendframework project released the following advisory:

> ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
http://framework.zend.com/security/advisory/ZF2015-08

The patch for the MS SQL backend seems to be:
https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2

but I couldn't find the fix for the mentioned SQLite backend.

This is somewhat related to CVE-2014-8089, which was about a similar issue
in the sqlsrv backend.

Can CVE(s) be assigned for these issues?

Thanks
