Source: libphp-adodb Version: 5.15-1 Severity: important Tags: security upstream patch Forwarded: https://github.com/ADOdb/ADOdb/issues/226
Hi Please see [0] for details. A CVE was requested at [1]. There is a patch upstream [2] which should go in the next upstream version. I marked this as no-dsa for now, and could be fixed via a point release, since it's in the PDO driver only and only if queries are build by inlining the quoted string, both not recommended. Let us know please if you do not agree. Regards, Salvatore [0] https://github.com/ADOdb/ADOdb/issues/226 [1] http://www.openwall.com/lists/oss-security/2016/09/07/8 [2] https://github.com/ADOdb/ADOdb/commit/bd9eca9 _______________________________________________ Secure-testing-team mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
