Your message dated Sat, 21 Jun 2025 09:17:16 +0000
with message-id <[email protected]>
and subject line Bug#1104548: fixed in libphp-adodb 5.21.4-1+deb12u1
has caused the Debian Bug report #1104548,
regarding libphp-adodb: CVE-2025-46337
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.8-0.1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-46337[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. Prior to version 5.22.9,
| improper escaping of a query parameter may allow an attacker to
| execute arbitrary SQL statements when the code using ADOdb connects
| to a PostgreSQL database and calls pg_insert_id() with user-supplied
| data. This issue has been patched in version 5.22.9.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-46337
https://www.cve.org/CVERecord?id=CVE-2025-46337
[1] https://github.com/ADOdb/ADOdb/issues/1070
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
[3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
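A call-site triage aid for the condition the CVE text describes, namely calls to pg_insert_id() whose arguments are not constants. This is an added example, not part of the original report or of ADOdb. The function names and the PHP sample are constructed for illustration; a flagged argument is a candidate for manual review, not proof that it is user-controlled.

```python
import re
# Method call such as $db->pg_insert_id( ... ); the function definition is not matched.
CALL_RE = re.compile(r"->\s*pg_insert_id\s*\(", re.IGNORECASE)
# Constant PHP string: single-quoted, or double-quoted with no interpolation.
LITERAL_RE = re.compile(r"""^(?:'[^'\\]*'|"[^"\\${]*")$""")

def split_args(src, pos):
    """Split a PHP argument list; pos is the index just after the opening '('."""
    args, buf, depth, quote = [], [], 0, None
    while pos < len(src):
        ch = src[pos]
        if quote is None and depth == 0 and ch in "),":
            args.append("".join(buf).strip())     # end of one top-level argument
            buf = []
            if ch == ")":                         # closes the pg_insert_id( call
                break
        else:
            buf.append(ch)
            if quote:                             # inside a PHP string literal
                if ch == "\\" and pos + 1 < len(src):
                    pos += 1
                    buf.append(src[pos])          # keep the escaped character
                elif ch == quote:
                    quote = None
            elif ch in "'\"":
                quote = ch
            elif ch in "([":
                depth += 1
            elif ch in ")]" and depth > 0:
                depth -= 1
        pos += 1
    return [a for a in args if a]

def find_risky_calls(php_source):
    """Return (line, [non-literal arguments]) for each pg_insert_id() call to review."""
    findings = []
    for m in CALL_RE.finditer(php_source):
        dynamic = [a for a in split_args(php_source, m.end()) if not LITERAL_RE.match(a)]
        if dynamic:                               # 1-based line number of the call
            findings.append((php_source.count("\n", 0, m.start()) + 1, dynamic))
    return findings

# Constructed PHP sample (not taken from any real project).
SAMPLE = '''<?php
$id = $db->pg_insert_id('orders', 'id');
$id = $db->pg_insert_id($_GET['table'], 'id');
$id = $db->pg_insert_id("log_{$suffix}", $col);
'''
```

Run `find_risky_calls()` over each PHP file of an application that uses ADOdb with PostgreSQL; calls with only constant arguments are not reported.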
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.21.4-1+deb12u1
Done: Leandro Cunha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Leandro Cunha <[email protected]> (supplier of updated libphp-adodb
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 06 May 2025 18:39:03 -0300
Source: libphp-adodb
Binary: libphp-adodb
Architecture: source all
Version: 5.21.4-1+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Cameron Dale <[email protected]>
Changed-By: Leandro Cunha <[email protected]>
Description:
libphp-adodb -
Closes: 1104548
Changes:
libphp-adodb (5.21.4-1+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload.
+ Fix SQL injection in pg_insert_id(). (Closes: #1104548, CVE-2025-46337)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---