Your message dated Sat, 12 Mar 2022 15:04:41 +0000
with message-id <e1nt3ip-000iow...@fasolo.debian.org>
and subject line Bug#1004376: fixed in libphp-adodb 5.21.4-1
has caused the Debian Bug report #1004376,
regarding libphp-adodb: CVE-2021-3850 - Authentication Bypass in PostgreSQL connections
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1004376: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1004376
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.20.19-1
Severity: grave
Tags: security
Justification: user security hole
X-Debbugs-Cc: codeh...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libphp-adodb.

CVE-2021-3850[0]:
| Authentication Bypass by Primary Weakness in GitHub repository
| adodb/adodb prior to 5.20.21.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-3850
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3850

Please adjust the affected versions in the BTS as needed.

The upstream issue describes the problem as:
"a critical security issue - anyone relying on ADOdb < 5.20.21 and <
5.21.4 to connect to a PostgreSQL database is strongly advised to
upgrade as soon as possible."

The affected line shows up in the current package in unstable:
https://sources.debian.org/src/libphp-adodb/5.20.19-1/drivers/adodb-postgres64.inc.php/?hl=50#L54
(Same version is in bullseye).
https://sources.debian.org/src/libphp-adodb/5.20.14-1/drivers/adodb-postgres64.inc.php/#L54
(buster)

-- System Information:
Debian Release: bookworm/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.15.0-3-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

--- End Message ---
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.21.4-1
Done: Jean-Michel Vourgère <nir...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1004...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jean-Michel Vourgère <nir...@debian.org> (supplier of updated libphp-adodb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 12 Mar 2022 15:11:01 +0100
Source: libphp-adodb
Binary: libphp-adodb
Architecture: source
Version: 5.21.4-1
Distribution: unstable
Urgency: medium
Maintainer: Cameron Dale <camrd...@gmail.com>
Changed-By: Jean-Michel Vourgère <nir...@debian.org>
Description:
 libphp-adodb -
Closes: 1004376
Changes:
 libphp-adodb (5.21.4-1) unstable; urgency=medium
 .
   * New upstream release. (Closes: #1004376)
   * Updated d/watch.
   * Refreshed d/copyright.
   * Bumped policy to 4.6.0.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
