Your message dated Sun, 21 Dec 2025 20:34:36 +0000
with message-id <[email protected]>
and subject line Bug#1110464: fixed in libphp-adodb 5.21.4-1+deb12u2
has caused the Debian Bug report #1110464,
regarding libphp-adodb: CVE-2025-54119
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1110464: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110464
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libphp-adodb
Version: 5.22.9-0.1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/ADOdb/ADOdb/issues/1083
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libphp-adodb.
CVE-2025-54119[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. In versions 5.22.9 and
| below, improper escaping of a query parameter may allow an attacker
| to execute arbitrary SQL statements when the code using ADOdb
| connects to a sqlite3 database and calls the metaColumns(),
| metaForeignKeys() or metaIndexes() methods with a crafted table
| name. This is fixed in version 5.22.10. To workaround this issue,
| only pass controlled data to metaColumns(), metaForeignKeys() and
| metaIndexes() method's $table parameter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-54119
https://www.cve.org/CVERecord?id=CVE-2025-54119
[1] https://github.com/ADOdb/ADOdb/issues/1083
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-vf2r-cxg9-p7rf
[3]
https://github.com/ADOdb/ADOdb/commit/5b8bd52cdcffefb4ecded1b399c98cfa516afe03
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libphp-adodb
Source-Version: 5.21.4-1+deb12u2
Done: Abhijith PA <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Abhijith PA <[email protected]> (supplier of updated libphp-adodb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 17 Sep 2025 13:32:21 +0530
Source: libphp-adodb
Binary: libphp-adodb
Architecture: source all
Version: 5.21.4-1+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Cameron Dale <[email protected]>
Changed-By: Abhijith PA <[email protected]>
Description:
libphp-adodb -
Closes: 1110464
Changes:
libphp-adodb (5.21.4-1+deb12u2) bookworm; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2025-54119: SQL injection in sqlite drivers (Closes: #1110464)
+ Both sqlite and sqlite3 drivers have patched to fix the issue.
Checksums-Sha1:
4e25015e569dd1c9274158f88c8ae923a06bb14a 1979 libphp-adodb_5.21.4-1+deb12u2.dsc
3f37975097af84eb7083ea7c7dee04c5d9613aac 435699 libphp-adodb_5.21.4.orig.tar.gz
fda90b70f5895124305af093127a27207e050658 9948
libphp-adodb_5.21.4-1+deb12u2.debian.tar.xz
2cb4e8608d4d420cb4c7ad4f744346ab67cecdf8 323792
libphp-adodb_5.21.4-1+deb12u2_all.deb
f20f351106394824005c6be2f209d17a8f361013 6892
libphp-adodb_5.21.4-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
98613ad93d2840d49633d900570367ab54ad4f6bf543d1a8845c77925218ba55 1979
libphp-adodb_5.21.4-1+deb12u2.dsc
422f73a60876f285182f6c0bebe4d83318e0282ae1dd85b66a8283072f8ee856 435699
libphp-adodb_5.21.4.orig.tar.gz
95a98f112e99f8cee4903899242d8f4490c9fb9c5982f9752f81bcf1629da20b 9948
libphp-adodb_5.21.4-1+deb12u2.debian.tar.xz
1fab12d58a9b39c7624f8cf5d4093a50d71d2aded6cd10d82d02c0b347dc6673 323792
libphp-adodb_5.21.4-1+deb12u2_all.deb
19084e27adb05f3187337697a44a51a8aea44396969ceb2c0fe3024ddcd3a1e8 6892
libphp-adodb_5.21.4-1+deb12u2_amd64.buildinfo
Files:
a16c2d44c87218bceb4d1c1854cb3aa0 1979 php optional
libphp-adodb_5.21.4-1+deb12u2.dsc
4a844398e129c71bc23c43696b109049 435699 php optional
libphp-adodb_5.21.4.orig.tar.gz
e3bd9b89c755925de2060dc5225647a4 9948 php optional
libphp-adodb_5.21.4-1+deb12u2.debian.tar.xz
2087bb4a6f773c97e4e4c1da9a51a115 323792 php optional
libphp-adodb_5.21.4-1+deb12u2_all.deb
f30ccd1bf9cdf400ecc543e03ce476fb 6892 php optional
libphp-adodb_5.21.4-1+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmk2ZTYUHGFiaGlqaXRo
QGRlYmlhbi5vcmcACgkQhj1N8u2cKO9HgQ/+Jb/7sCcTDVpn/sD5QLBq8iogYB+H
B+4FeeDE+OGLC8OeC45FvLCV6aPXb8H9JioaWFCPiM+/kBjnzljRPzkbOVeLSUfz
rEFx3NIAfNZ2thTgDUwFCdpya/eLXCY5qkiLqGIARt42h/NUanRvQ+pAGusXBQvV
qACyCh2PLuISy8DUC6OVy1FszEgpz6pZO/E00DGJtLy/tkeeAm8O3zCmqXiPkRSs
+ov7fn82pecp8vxDtf6nJYizGZ2kE3RT8FCzUH+gTHFnuD6qFiQCxgeYao0gqpA1
Ipyom31VQoXCdG2N+CUnA8OYRndFOKdY1tQbpsPQzDUD7nhhkO3cWkTexKurvNON
aWfLSuNAdBScW1j1Gn1bDlT2vc2rxL8IiZJtvLK0s+LG8aGXPmRVvzqR7Yg4MDlT
K0dbK1e05d1dO9QfDqIPGSP/tcw+uxKV+GU7C+x2NVH8NvATyTapIex9Kqs/oLwt
NXHgtqmoaicO6s8tbgcgWa6MEebu6XUghY3JLmjIxIX+7ZhtdiKLmjbB+dYFAXEh
2FyHvSf2CZqb9qW1YAje3yyYMQSA9w00PX71eCT2WVyKVxkEYVZ2b17pZH3QqHsE
lDu3tt8XgDzG0Fji/f9wD2Imoz1AetQzUovy/7z73hhhW7zU8VfSRrYQV/QyK1Sa
0SBJXw+btuD8/nU=
=42+x
-----END PGP SIGNATURE-----
pgpt5hzGGjVXN.pgp
Description: PGP signature
--- End Message ---
