Format: 1.8
Date: Tue, 27 Sep 2016 18:33:02 +0200
Source: zendframework
Binary: zendframework zendframework-bin zendframework-resources
Architecture: source all
Version: 1.11.13-1.1+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Frank Habermann <lordlamer@lordlamer.de>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 zendframework - powerful PHP framework
 zendframework-bin - binary scripts for zendframework
 zendframework-resources - resource scripts for zendframework
Changes:
 zendframework (1.11.13-1.1+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2016-4861
     The implementation of ORDER BY and GROUP BY in Zend_Db_Select
     remained prone to SQL injection when a combination of SQL
     expressions and comments were used. This security patch provides
     a comprehensive solution that identifies and removes comments
     prior to checking validity of the statement to ensure no SQLi
     vectors occur.