Your message dated Fri, 22 Aug 2025 00:18:57 +0000
with message-id <[email protected]>
and subject line Bug#1110464: fixed in libphp-adodb 5.22.10-0.1
has caused the Debian Bug report #1110464,
regarding libphp-adodb: CVE-2025-54119
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110464
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.9-0.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ADOdb/ADOdb/issues/1083
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-54119[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. In versions 5.22.9 and
| below, improper escaping of a query parameter may allow an attacker
| to execute arbitrary SQL statements when the code using ADOdb
| connects to a sqlite3 database and calls the metaColumns(),
| metaForeignKeys() or metaIndexes() methods with a crafted table
| name. This is fixed in version 5.22.10. To workaround this issue,
| only pass controlled data to metaColumns(), metaForeignKeys() and
| metaIndexes() method's $table parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54119
https://www.cve.org/CVERecord?id=CVE-2025-54119
[1] https://github.com/ADOdb/ADOdb/issues/1083
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
[3]
https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.22.10-0.1
Done: Leandro Cunha <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Leandro Cunha <[email protected]> (supplier of updated libphp-adodb
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Aug 2025 23:30:17 -0300
Source: libphp-adodb
Architecture: source
Version: 5.22.10-0.1
Distribution: unstable
Urgency: high
Maintainer: Cameron Dale <[email protected]>
Changed-By: Leandro Cunha <[email protected]>
Closes: 1110464
Changes:
libphp-adodb (5.22.10-0.1) unstable; urgency=high
.
* Non-maintainer upload.
* New upstream version 5.22.10 (Closes: #1110464, CVE-2025-54119)
Checksums-Sha1:
568243956301e6f8012937db6730dc44637c5b9f 1923 libphp-adodb_5.22.10-0.1.dsc
fe21c51aecacc9fdecb058a1ca35f3a921f26ced 450382
libphp-adodb_5.22.10.orig.tar.gz
4954a28592bdf6ba11c708ca366c649ac311ad61 8444
libphp-adodb_5.22.10-0.1.debian.tar.xz
2ab2efeeca81121cc1b276cdeaedc54ff4966b2c 6481
libphp-adodb_5.22.10-0.1_amd64.buildinfo
Checksums-Sha256:
fc00d75fb63c3fa0a8499b96f3cac1a245141b990026534f771db381d86e3433 1923
libphp-adodb_5.22.10-0.1.dsc
804d0445d9f2d0b48ad24d72f3cc3e9cf4965aba4156a3dec75dbf56efc0abc2 450382
libphp-adodb_5.22.10.orig.tar.gz
a42a43a5372d69d0fff8df3afc6b6303646ac1b746e5f101cbe6a4f52b7fe720 8444
libphp-adodb_5.22.10-0.1.debian.tar.xz
8dd6b84789baa0c91c45564f49e8dadb413fb57848978c0c2ed4fae46f37498a 6481
libphp-adodb_5.22.10-0.1_amd64.buildinfo
Files:
39d91e14d448ecc9bd04f8bde5a41e19 1923 php optional libphp-adodb_5.22.10-0.1.dsc
35510b3d6c79b5672d04058dc354d94d 450382 php optional
libphp-adodb_5.22.10.orig.tar.gz
ebeaee9373b55a5e9fe29d0c3e808d88 8444 php optional
libphp-adodb_5.22.10-0.1.debian.tar.xz
63d61e86e0baf36537d7ec93524b750b 6481 php optional
libphp-adodb_5.22.10-0.1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfncpR22H1vEdkazLwpPntGGCWs4FAmilDk8ACgkQwpPntGGC
Ws5ymw/+Pwdl0ujmht3UAkPlHdfUIviyZKLtQicE+Te36ttRrIn2JuJM3tAx1VCR
GnL2fZunFzmmrljpTnar3OPAP0V4GUPXAGqkDeSNZq8WIRM5D0cw7EKEtNdaMu8U
Jclz5Ph/CVJ1Z7eMte3Dgt0C6fIfizUg/NiN1T//3Pi2iPQikcDSYeHg4trGN4xz
WCnqnzC68KwiR6B3LrxfrbkAkeUN7PAfuTnckhHn1Rg8c9ANdywB26qLyQZFMOIY
AqnycYLC8bWYbafJtnjKLM722VZPCZJbutlI0MWDrLMJjTWbL1oG/Orccl+bLwtU
fFvuMdahrQmmjT9mr84uKNJxRMtoPX1Yors106Cc2K41BfcZAgKhkoUDgQDtYqOr
qQZWnoMRRvbSl2O3VeDnWWPSHDcMmQWRt9YyPQZnSTK1hI+OdHkIbVmceZfMGeyc
1hhZr3EtQsxZ7+pnJTi+tqTWNorNlPdzAE76EXgBRNDXODulD1DLfMa7plTmaaPB
2ENHTa0fo3Ncc6I2Kbe3HLayOnsEtfbFcfzLSHj6cSgjYBS5My8jjsJxYSnLdOaX
Ugmj6WvfouyYBoyzQIISv3wdxk3g7zF4Yg3YZHFmdWdPY6xIJsdHKMSyGIITYAFY
WBbZ/znTrTyyv9O0QHxSntNm53V8dD4Lf9tcV3CIrUO7hEAF0tY=
=f0R+
-----END PGP SIGNATURE-----
pgpzIorzU3LzB.pgp
Description: PGP signature
--- End Message ---
