Your message dated Fri, 2 May 2025 20:58:26 -0300
with message-id
<CAGEayXP6j7tghAYnKFi=0ofoyk4fiwk0zyfpcmeap0qcuxz...@mail.gmail.com>
and subject line Closing the 1104548
has caused the Debian Bug report #1104548,
regarding libphp-adodb: CVE-2025-46337
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.8-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-46337[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. Prior to version 5.22.9,
| improper escaping of a query parameter may allow an attacker to
| execute arbitrary SQL statements when the code using ADOdb connects
| to a PostgreSQL database and calls pg_insert_id() with user-supplied
| data. This issue has been patched in version 5.22.9.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-46337
https://www.cve.org/CVERecord?id=CVE-2025-46337
[1] https://github.com/ADOdb/ADOdb/issues/1070
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
[3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
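The advisory above boils down to two things a deployer can check: whether the installed ADOdb is at or past the fixed 5.22.9 release, and whether any table or column name that reaches pg_insert_id() is one the application itself chose rather than request data. The PHP below is an added example, not ADOdb's or Debian's code; it assumes the PostgreSQL driver exposes pg_insert_id($tablename, $fieldname) as in ADOdb 5.x and uses a constructed stand-in connection and allowlist so it runs without a database.

```php
<?php
// Added example (not ADOdb's or Debian's code). Assumes ADOdb's PostgreSQL
// driver exposes pg_insert_id($tablename, $fieldname), as in ADOdb 5.x.

/** Upstream release named as fixed in the CVE description. */
const ADODB_FIXED_VERSION = '5.22.9';

/** True if the installed ADOdb version string is at or past the fixed release. */
function adodbIsPatched(string $installed): bool
{
    // ADODB_VERSION is written like "v5.22.8"; drop the leading "v" before comparing.
    return version_compare(ltrim($installed, 'v'), ADODB_FIXED_VERSION, '>=');
}

/**
 * Allowlist check for identifiers that will reach pg_insert_id().
 * Only names the application itself knows are accepted; anything that
 * arrived with a request is rejected before it can reach SQL text.
 */
function assertKnownIdentifier(string $name, array $allowlist): string
{
    if (!in_array($name, $allowlist, true)) {
        throw new InvalidArgumentException("Unexpected identifier: " . $name);
    }
    return $name;
}

/** Wrapper around pg_insert_id() that refuses unvetted table/field names. */
function safePgInsertId(object $db, string $table, string $field): int
{
    static $tables = ['users', 'orders'];   // constructed allowlist
    static $fields = ['id'];
    return $db->pg_insert_id(
        assertKnownIdentifier($table, $tables),
        assertKnownIdentifier($field, $fields)
    );
}

// Constructed stand-in for an ADOdb connection so the example runs offline.
$db = new class {
    public function pg_insert_id(string $t, string $f): int { return 42; }
};

var_dump(adodbIsPatched('v5.22.8'));           // bool(false): the Debian 5.22.8 package is affected
var_dump(safePgInsertId($db, 'users', 'id'));  // int(42)
try {
    safePgInsertId($db, 'audit_log', 'id');    // not on the allowlist
} catch (InvalidArgumentException $e) {
    echo "Rejected: ", $e->getMessage(), "\n";
}
```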
--- Begin Message ---
I'm closing this bug because the upload to the unstable version has already
been done. The package can reach the stable versions only after approval from
the teams involved. However, Salvatore would already be aware of the fix and
could do it. But if you want me to do it, just let me know. The package will
also be migrated to testing if it is unlocked.
All work carried out would be cooperative work between teams and
maintainers for stable versions.
Cheers,
Leandro Cunha
--- End Message ---