Candidate: CVE-2016-4861
PublicDate: 2017-02-17 02:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4861
 http://framework.zend.com/security/advisory/ZF2016-03
Description:
 The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework
 before 1.12.20 might allow remote attackers to conduct SQL injection attacks
 by leveraging failure to remove comments from an SQL statement before
 validation.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Hiroshi Tokumaru
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_zend-framework:
upstream_zend-framework: released (1.12.20)
precise_zend-framework: ignored (reached end-of-life)
precise/esm_zend-framework: DNE (precise was needs-triage)
trusty_zend-framework: ignored (reached end-of-life)
trusty/esm_zend-framework: DNE (trusty was needed)
vivid/stable-phone-overlay_zend-framework: DNE
vivid/ubuntu-core_zend-framework: DNE
xenial_zend-framework: ignored (end of standard support, was needed)
yakkety_zend-framework: ignored (reached end-of-life)
zesty_zend-framework: DNE
artful_zend-framework: DNE
bionic_zend-framework: DNE
cosmic_zend-framework: DNE
disco_zend-framework: DNE
eoan_zend-framework: DNE
focal_zend-framework: DNE
groovy_zend-framework: DNE
hirsute_zend-framework: DNE
impish_zend-framework: DNE
jammy_zend-framework: DNE
devel_zend-framework: DNE

Patches_zendframework:
upstream_zendframework: needed
precise_zendframework: DNE
precise/esm_zendframework: DNE
trusty_zendframework: DNE
trusty/esm_zendframework: DNE
vivid/stable-phone-overlay_zendframework: DNE
vivid/ubuntu-core_zendframework: DNE
wily_zendframework: DNE
xenial_zendframework: DNE
yakkety_zendframework: DNE
zesty_zendframework: ignored (reached end-of-life)
artful_zendframework: ignored (reached end-of-life)
bionic_zendframework: not-affected (1.12.20+dfsg-1)
cosmic_zendframework: not-affected (1.12.20+dfsg-1)
disco_zendframework: DNE
eoan_zendframework: DNE
focal_zendframework: DNE
groovy_zendframework: DNE
hirsute_zendframework: DNE
impish_zendframework: DNE
jammy_zendframework: DNE
devel_zendframework: DNE