CVE-2015-3154

Name: CVE-2015-3154
Description: CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DLA-251-1, DSA-3265-1
NVD severity: medium

The information below is based on the following data on fixed versions.

Package        Type    Release     Fixed Version          Urgency  Origin      Debian Bugs
zendframework  source  (unstable)  1.12.12+dfsg-1
zendframework  source  jessie      1.12.9+dfsg-2+deb8u1
zendframework  source  squeeze     1.10.6-1squeeze3                DLA-251-1
zendframework  source  wheezy      1.11.13-1.1+deb7u1              DSA-3265-1

Notes

http://framework.zend.com/security/advisory/ZF2015-04
