
Updated zendframework packages are now available for Debian 6 LTS



Package : zendframework
Version : 1.10.6-1squeeze6
CVE ID : CVE-2015-7695

The PDO adapters of Zend Framework 1 did not filter null byte values in
SQL statements. A PDO adapter can treat null bytes in a query as a
string terminator, allowing an attacker to add arbitrary SQL following a
null byte, and thus create a SQL injection.

For Debian 6 Squeeze, this issue has been fixed in zendframework
version 1.10.6-1squeeze6.
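
An added example (not part of the Debian advisory or of Zend Framework's code): a defence-in-depth check in PHP that rejects request parameters containing a null byte before they are handed to a PDO adapter. The function names and the sample input are hypothetical and constructed for illustration.

```php
<?php
/**
 * Return the key paths of every string in $params that contains a NUL byte.
 * Nested arrays (form fields such as filter[name]) are walked recursively.
 */
function findNullBytePaths(array $params, string $prefix = ''): array
{
    $hits = [];
    foreach ($params as $key => $value) {
        $path = $prefix === '' ? (string) $key : $prefix . '[' . $key . ']';
        if (is_string($key) && strpos($key, "\0") !== false) {
            $hits[] = $path . ' (key)';
        }
        if (is_array($value)) {
            $hits = array_merge($hits, findNullBytePaths($value, $path));
        } elseif (is_string($value) && strpos($value, "\0") !== false) {
            $hits[] = $path;
        }
    }
    return $hits;
}

/** Reject the whole request instead of silently stripping the byte. */
function assertNoNullBytes(array $params): void
{
    $hits = findNullBytePaths($params);
    if ($hits !== []) {
        throw new InvalidArgumentException(
            'NUL byte in parameter(s): ' . implode(', ', $hits)
        );
    }
}

// Constructed sample input standing in for $_GET / $_POST.
$sample = [
    'user'   => 'alice',
    'filter' => ['name' => "bob\0trailing text", 'page' => '2'],
];

try {
    assertNoNullBytes($sample);
    echo "accepted\n";
} catch (InvalidArgumentException $e) {
    // Record the offending field names and refuse the request.
    error_log($e->getMessage());
    echo "rejected: ", $e->getMessage(), "\n";
}
```

A check like this complements the fixed package and does not replace it; the logged field names also give a useful signal for spotting probing of applications that still run an unpatched adapter.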