List: oss-security
Subject: Re: [oss-security] CVE Request: zendframework SQL injections
From: Alessandro Ghedini <alessandro () ghedini ! me>
Date: 2015-09-30 14:23:31
Message-ID: 20150930142331.GA18445 () kronk ! local
On Wed, Sep 30, 2015 at 12:55:45PM +0200, Alessandro Ghedini wrote:
> Hello,
>
> the Zendframework project released the following advisory:
>
> > ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
> http://framework.zend.com/security/advisory/ZF2015-08
>
> The patch for the MS SQL backend seems to be:
> https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
>
> but I couldn't find the fix for the mentioned SQLite backend.

It was pointed out to me that that patch also includes changes for the file
library/Zend/Db/Adapter/Pdo/Abstract.php, which is used by the SQLite backend.
So it should cover both MS SQL *and* SQLite.

Cheers