Your message dated Fri, 02 May 2025 15:05:14 +0000
with message-id <e1uarww-006rnc...@fasolo.debian.org>
and subject line Bug#1104548: fixed in libphp-adodb 5.22.9-0.1
has caused the Debian Bug report #1104548,
regarding libphp-adodb: CVE-2025-46337
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.8-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for libphp-adodb.

CVE-2025-46337[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. Prior to version 5.22.9,
| improper escaping of a query parameter may allow an attacker to
| execute arbitrary SQL statements when the code using ADOdb connects
| to a PostgreSQL database and calls pg_insert_id() with user-supplied
| data. This issue has been patched in version 5.22.9.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46337
    https://www.cve.org/CVERecord?id=CVE-2025-46337
[1] https://github.com/ADOdb/ADOdb/issues/1070
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
[3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
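
For triage on hosts still running a version prior to 5.22.9, the following added example (not part of the bug report or of ADOdb) lists pg_insert_id() call sites in PHP source and marks those whose arguments are not plain string literals, since the CVE text ties the issue to user-supplied data reaching that call. The sample PHP is constructed, and the names audit_source and SAMPLE_PHP are hypothetical.

```python
import re

# Start of a method call such as $db->pg_insert_id(
CALL_RE = re.compile(r"->\s*pg_insert_id\s*\(", re.IGNORECASE)
# One argument that is only a quoted literal with no variable interpolation.
LITERAL_RE = re.compile(r"""^\s*(?:'[^'\\]*'|"[^"$\\{]*")\s*$""")

# Constructed sample input, not taken from any real application.
SAMPLE_PHP = """<?php
$id = $db->pg_insert_id('orders', 'id');
$id = $db->pg_insert_id($_GET['table'], 'id');
$id = intval($db->pg_insert_id($table, $column));
"""


def _arguments(src, start):
    """Return the text between the opening parenthesis and its match."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {"(": 1, ")": -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]


def audit_source(php_source):
    """Return (line_number, verdict, argument_text) per pg_insert_id() call.

    Verdict is "literal-only" when every argument is a fixed string and
    "review" otherwise. The check is a conservative heuristic: anything it
    cannot prove to be a literal is reported for manual review.
    """
    findings = []
    for m in CALL_RE.finditer(php_source):
        args = _arguments(php_source, m.end())
        fixed = all(LITERAL_RE.match(a) for a in args.split(","))
        line_no = php_source.count("\n", 0, m.start()) + 1
        findings.append((line_no, "literal-only" if fixed else "review", args))
    return findings


if __name__ == "__main__":
    for line_no, verdict, args in audit_source(SAMPLE_PHP):
        print(f"line {line_no}: {verdict}: pg_insert_id({args})")
```

A "review" verdict only means the arguments are computed at run time; whether they carry user-supplied data still has to be traced by hand.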
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.22.9-0.1
Done: Leandro Cunha <leandrocunha...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1104...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Leandro Cunha <leandrocunha...@gmail.com> (supplier of updated libphp-adodb package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 02 May 2025 10:48:03 -0300
Source: libphp-adodb
Architecture: source
Version: 5.22.9-0.1
Distribution: unstable
Urgency: high
Maintainer: Cameron Dale <camrd...@gmail.com>
Changed-By: Leandro Cunha <leandrocunha...@gmail.com>
Closes: 1104548
Changes:
 libphp-adodb (5.22.9-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream version 5.22.9 (Closes: #1104548, CVE-2025-46337)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----



--- End Message ---
