Your message dated Sun, 07 Dec 2025 14:37:03 +0000
with message-id <[email protected]>
and subject line Bug#1110464: fixed in libphp-adodb 5.22.9-0.1+deb13u1
has caused the Debian Bug report #1110464,
regarding libphp-adodb: CVE-2025-54119
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110464
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.9-0.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ADOdb/ADOdb/issues/1083
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-54119[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. In versions 5.22.9 and
| below, improper escaping of a query parameter may allow an attacker
| to execute arbitrary SQL statements when the code using ADOdb
| connects to a sqlite3 database and calls the metaColumns(),
| metaForeignKeys() or metaIndexes() methods with a crafted table
| name. This is fixed in version 5.22.10. To workaround this issue,
| only pass controlled data to metaColumns(), metaForeignKeys() and
| metaIndexes() method's $table parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54119
https://www.cve.org/CVERecord?id=CVE-2025-54119
[1] https://github.com/ADOdb/ADOdb/issues/1083
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
[3]
https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.22.9-0.1+deb13u1
Done: Abhijith PA <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Abhijith PA <[email protected]> (supplier of updated libphp-adodb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 03 Dec 2025 10:16:43 +0530
Source: libphp-adodb
Binary: libphp-adodb
Architecture: source all
Version: 5.22.9-0.1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: Cameron Dale <[email protected]>
Changed-By: Abhijith PA <[email protected]>
Description:
libphp-adodb -
Closes: 1110464
Changes:
libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464)
Checksums-Sha1:
0a75e027dfeb3047beda65bc5944485d051e36b1 1977
libphp-adodb_5.22.9-0.1+deb13u1.dsc
e881bb5c2cc46046749b0d4f89d91f47d98f52ec 450133 libphp-adodb_5.22.9.orig.tar.gz
9a3e63a2d2445240d1fed04d359005764463bbb3 9828
libphp-adodb_5.22.9-0.1+deb13u1.debian.tar.xz
ca31e5397a1b441df58c9a36726ad8be2e1cf149 334660
libphp-adodb_5.22.9-0.1+deb13u1_all.deb
af937f5d355bfba385d93152258e124dfb03b40b 6612
libphp-adodb_5.22.9-0.1+deb13u1_amd64.buildinfo
Checksums-Sha256:
d8fc02ea210f3713e5d377e372ae1eb6c62590cd3a6ce1215b7ebc6b3cf49e37 1977
libphp-adodb_5.22.9-0.1+deb13u1.dsc
f77bd016da1daa42337547ffb9a6de5561776884d520f41c63301c8943dec9b3 450133
libphp-adodb_5.22.9.orig.tar.gz
d87c8ea54cd6ef082535c1063e7637bee9e72a1f1a9192df10d854c5d12a8e88 9828
libphp-adodb_5.22.9-0.1+deb13u1.debian.tar.xz
555048b8f360a3c168f89d2cb5c8f277c36f612ad06382387bb7803e41b5c661 334660
libphp-adodb_5.22.9-0.1+deb13u1_all.deb
683cada5d50c741a4fc44a38c1048e81a422386495d9b6ce29a42879dfdc3c1f 6612
libphp-adodb_5.22.9-0.1+deb13u1_amd64.buildinfo
Files:
d3792374f9c7383ec123e8422ae6f143 1977 php optional
libphp-adodb_5.22.9-0.1+deb13u1.dsc
198555618cfff62d2731308ef411a3a4 450133 php optional
libphp-adodb_5.22.9.orig.tar.gz
30bcfdb4391e9d531bcf6066160e22db 9828 php optional
libphp-adodb_5.22.9-0.1+deb13u1.debian.tar.xz
d2d91569563348b34e0fe2b23ef60bff 334660 php optional
libphp-adodb_5.22.9-0.1+deb13u1_all.deb
3d1e9f23a89672ea828e0bb733c492b4 6612 php optional
libphp-adodb_5.22.9-0.1+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmkv8oQUHGFiaGlqaXRo
QGRlYmlhbi5vcmcACgkQhj1N8u2cKO8atg//YgDErfBJ4phojDjuzPkpAf2Y3Zay
rVMZj7f1a8ZAx8xoGviThUbrlFLJJ8yFR4mmEAIz3V0XFzyTTDrBHt9nrbKwKTcM
M6/Lxm3esFBN8UCFBVVlgUYsW0WTHmuyXSyVbuNT7mLzd1CcIYNrv+nS8Bq5czzj
YWKDW/EJcnhkqeWaBagngzFMGT+db2v5OYv9LCHjBCgoxv0R2Q4ZiDc/06tpk/dr
wuCt7IrWbZ4+5n65R6LHTCbkcPHRRvyKj7c3Z3c0ZUw/MnrgRIx6NClMvLypT5BI
P457snAszlFS44AMpxwgYBGvhsJABwVp91vOD5sLUcls+y3tTmGyMmQYg6Q5Ua/J
gKT1UK1rY7oF7nufo3ZTMKWXFF00z4JGidkCuK/QWewLmdPb942HLZRH319elOdN
lklF7XMQdftbfCdABs6Aqp8mZcXc7WU7kHJkOFOVvAth554t26l8cPtXvV0cue1g
RnoYeJ1fEjHwQti2yJAYJRR/pZ1d0G3ca0Soa6rOm3TAPCboqNIoysX/zA47P9UU
S0AoLrNVYmuB7ehC0p6wu4vnChrDhCJwY+ea6iWOAzkr5rsY1XoNKzWE6+9VLm/D
Ig4DKoRNDKTW4IPPEIzOFK8FB3FlL5+4R5NGdoS6kgr1jtnQAJO4Va5KpKxybwqt
h92tDjRnWTp5TcI=
=Qz33
-----END PGP SIGNATURE-----
pgpxC3okXljEO.pgp
Description: PGP signature
--- End Message ---
