CVE-2015-3154

NameCVE-2015-3154
DescriptionPotential CRLF injection attacks in mail and HTTP headers
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-251-1, DSA-3265-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
zendframework (PTS)wheezy1.11.13-1.1+deb7u6fixed
wheezy (security)1.11.13-1.1+deb7u5fixed
jessie1.12.9+dfsg-2+deb8u6fixed
jessie (security)1.12.9+dfsg-2+deb8u4fixed
sid1.12.20+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
zendframeworksource(unstable)1.12.12+dfsg-1
zendframeworksourcejessie1.12.9+dfsg-2+deb8u1
zendframeworksourcesqueeze1.10.6-1squeeze3DLA-251-1
zendframeworksourcewheezy1.11.13-1.1+deb7u1DSA-3265-1

Notes

http://framework.zend.com/security/advisory/ZF2015-04

Search for package or bug name: Reporting problems