Date: Wed, 30 Sep 2015 16:23:31 +0200
From: Alessandro Ghedini <>
Subject: Re: CVE Request: zendframework SQL injections

On Wed, Sep 30, 2015 at 12:55:45PM +0200, Alessandro Ghedini wrote:
> Hello,
> the Zendframework project released the following advisory:
> > ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
> The patch for the MS SQL backend seems to be:
> but I couldn't find the fix for the mentioned SQLite backend.

It was pointed out to me that that patch also includes changes for the file
library/Zend/Db/Adapter/Pdo/Abstract.php, which is used by the SQLite backend.
So it should cover both MS SQL *and* SQLite.

