blob: 8489564daa571afcf5dee21209313681ee4b150c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
|
<define-tag description>LTS security update</define-tag>
<define-tag moreinfo>
<p>The PDO adapters of Zend Framework 1 did not filter null bytes values in
SQL statements. A PDO adapter can treat null bytes in a query as a
string terminator, allowing an attacker to add arbitrary SQL following a
null byte, and thus create a SQL injection.</p>
<p>For Debian 6 Squeeze, this issue has been fixed in zendframework
version 1.10.6-1squeeze6.</p>
</define-tag>
# do not modify the following line
#include "$(ENGLISHDIR)/lts/security/2015/dla-326.data"
# $Id$
|
