The Zend Framework project released security advisory ZF2016-02 to address a potential SQL injection in ORDER and GROUP statements of Zend_Db_Select. External References: https://framework.zend.com/security/advisory/ZF2016-02 Upstream fix: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
Created php-ZendFramework tracking bugs for this issue: Affects: fedora-all [bug 1357553] Affects: epel-all [bug 1357554]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.