| Name | CVE-2016-6233 |
| Description | The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern [\w]* in a regular expression. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| zendframework | source | wheezy | (not affected) | |||
| zendframework | source | jessie | (not affected) | |||
| zendframework | source | (unstable) | 1.12.19+dfsg-1 |
[jessie] - zendframework <not-affected> (introduced after 1.12.9)
[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
http://framework.zend.com/security/advisory/ZF2016-02
https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967