** Changed in: mahara
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1962792
Title:
Upgrade ADOdb from v5.21.1 to v5.22.0
Status in Mahara:
Fix Released
Bug description:
https://github.com/ADOdb/ADOdb/blob/v5.22.0/docs/changelog.md
Includes a security patch for drivers/adodb-postgres64.inc.php:
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
An attacker can inject values into a PostgreSQL connection string by
providing a parameter surrounded by single quotes.
Depending on how the library is used in the client software, this may
allow an attacker to bypass the login process, gain access to the
server's IP address, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1962792/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
