• Bug#1104548: libphp-adodb: CVE-2025-46337

    From Salvatore Bonaccorso@21:1/5 to All on Thu May 1 22:40:01 2025
    Source: libphp-adodb
    Version: 5.22.8-0.1
    Severity: grave
    Tags: security upstream
    Justification: user security hole
    Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

    Hi,

    The following vulnerability was published for libphp-adodb.

    CVE-2025-46337[0]:
    | ADOdb is a PHP database class library that provides abstractions for
    | performing queries and managing databases. Prior to version 5.22.9,
    | improper escaping of a query parameter may allow an attacker to
    | execute arbitrary SQL statements when the code using ADOdb connects
    | to a PostgreSQL database and calls pg_insert_id() with user-supplied
    | data. This issue has been patched in version 5.22.9.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2025-46337
    https://www.cve.org/CVERecord?id=CVE-2025-46337
    [1] https://github.com/ADOdb/ADOdb/issues/1070
    [2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
    [3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426

    Please adjust the affected versions in the BTS as needed.

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Debian Bug Tracking System@21:1/5 to All on Fri May 2 17:00:01 2025
    Processing control commands:

    tag -1 pending
    Bug #1104548 [src:libphp-adodb] libphp-adodb: CVE-2025-46337
    Ignoring request to alter tags of bug #1104548 to the same tags previously set

    --
    1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Fri May 2 17:00:01 2025
    Processing control commands:

    tags -1 +pending
    Bug #1104548 [src:libphp-adodb] libphp-adodb: CVE-2025-46337
    Added tag(s) pending.

    --
    1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Boyuan Yang@21:1/5 to All on Fri May 2 17:00:02 2025
    Control: tag -1 pending

    Hello,

    Bug #1104548 in libphp-adodb reported by you has been fixed in the
    Git repository and is awaiting an upload. You can see the commit
    message below and you can check the diff of the fix at:

    https://salsa.debian.org/debian/adodb/-/commit/5a1accde9f3dc5d7a08b686caf1adfb6b829f8e5

    ------------------------------------------------------------------------
    Import Debian changelog version 5.22.9-0.1

    libphp-adodb (5.22.9-0.1) unstable; urgency=high

    * Non-maintainer upload.
    * New upstream version 5.22.9 (Closes: #1104548, CVE-2025-46337)
    ------------------------------------------------------------------------

    (this message was generated automatically)
    --
    Greetings

    https://bugs.debian.org/1104548

  • From Debian Bug Tracking System@21:1/5 to All on Fri May 2 17:10:01 2025
    Your message dated Fri, 02 May 2025 15:05:14 +0000
    with message-id <E1uArww-006RNC-ED@fasolo.debian.org>
    and subject line Bug#1104548: fixed in libphp-adodb 5.22.9-0.1
    has caused the Debian Bug report #1104548,
    regarding libphp-adodb: CVE-2025-46337
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems

  • From Debian Bug Tracking System@21:1/5 to All on Sat Jun 21 11:20:01 2025
    Your message dated Sat, 21 Jun 2025 09:17:16 +0000
    with message-id <E1uSuLc-00CbTj-0p@fasolo.debian.org>
    and subject line Bug#1104548: fixed in libphp-adodb 5.21.4-1+deb12u1
    has caused the Debian Bug report #1104548,
    regarding libphp-adodb: CVE-2025-46337
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact owner@bugs.debian.org
    immediately.)


    --
    1104548: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104548
    Debian Bug Tracking System
    Contact owner@bugs.debian.org with problems
