CVE Request: zendframework SQL injections

[Alessandro Ghedini <alessandro () ghedini me>]

Hello,

the Zendframework project released the following advisory:

> ZF2015-08: Potential SQL injection vector using null byte for PDO (MsSql, SQLite)
http://framework.zend.com/security/advisory/ZF2015-08

The patch for the MS SQL backend seems to be:
https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2

but I couldn't find the fix for the mentioned SQLite backend.

This is somewhat related to CVE-2014-8089, which was about a similar issue
in the sqlsrv backend.

Can CVE(s) be assigned for these issues?

Thanks

Attachment: signature.asc
Description: