- Package: src:libphp-adodb
- Source: src:libphp-adodb
- Submitter: Salvatore Bonaccorso
- Date: 2025-06-21 09:19:02 UTC
- Severity: normal
- Tags:
Hi,

The following vulnerability was published for libphp-adodb.

CVE-2025-46337[0]:
| ADOdb is a PHP database class library that provides abstractions for
| performing queries and managing databases. Prior to version 5.22.9,
| improper escaping of a query parameter may allow an attacker to
| execute arbitrary SQL statements when the code using ADOdb connects
| to a PostgreSQL database and calls pg_insert_id() with user-supplied
| data. This issue has been patched in version 5.22.9.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-46337
    https://www.cve.org/CVERecord?id=CVE-2025-46337
[1] https://github.com/ADOdb/ADOdb/issues/1070
[2] https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545
[3] https://github.com/ADOdb/ADOdb/commit/11107d6d6e5160b62e05dff8a3a2678cf0e3a426

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
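A caller-side guard for the condition the CVE text describes (user-supplied data reaching pg_insert_id()), as an added example that is not part of the original report and not ADOdb's own code; it complements upgrading to a fixed package rather than replacing it. The allowlist contents, function names and the (table, column) argument order of pg_insert_id() are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed allowlist: the only table/column pairs this application
// ever needs a last-insert id for. All names are hypothetical.
const INSERT_ID_TARGETS = [
    'orders'    => ['id'],
    'customers' => ['customer_id'],
];

// True only for a pair that is on the allowlist AND is a plain unquoted
// PostgreSQL identifier (letter or underscore first, then letters, digits
// or underscores, at most 63 bytes). \A and \z anchor the whole string,
// so a trailing newline does not slip through as it would with $.
function is_allowed_insert_id_target(string $table, string $column): bool
{
    $plain = '/\A[A-Za-z_][A-Za-z0-9_]{0,62}\z/';
    if (preg_match($plain, $table) !== 1 || preg_match($plain, $column) !== 1) {
        return false;
    }
    return in_array($column, INSERT_ID_TARGETS[$table] ?? [], true);
}

// Guarded wrapper: refuses to hand unvetted names to the driver.
// $db is an ADOdb PostgreSQL connection; the argument order of
// pg_insert_id() is an assumption here.
function guarded_insert_id(object $db, string $table, string $column)
{
    if (!is_allowed_insert_id_target($table, $column)) {
        throw new InvalidArgumentException('insert-id target not allowed');
    }
    return $db->pg_insert_id($table, $column);
}

// Constructed inputs, checked without a database connection.
$samples = [
    ['orders', 'id'],               // on the allowlist
    ['orders', 'total'],            // well-formed name, not on the allowlist
    ['orders; x', 'id'],            // punctuation and whitespace in the name
    ['customers', "customer_id\n"], // trailing newline
];
foreach ($samples as [$t, $c]) {
    printf("%-14s %-18s %s\n", json_encode($t), json_encode($c),
        is_allowed_insert_id_target($t, $c) ? 'allow' : 'reject');
}
```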
I am opening this pull request to close a critical CVE as per
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-8x27-jwjr-8545

https://salsa.debian.org/debian/adodb/-/merge_requests/4
Hello,

Bug #1104548 in libphp-adodb reported by you has been fixed in the Git repository and is awaiting an upload. You can see the commit message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/adodb/-/commit/5a1accde9f3dc5d7a08b686caf1adfb6b829f8e5

------------------------------------------------------------------------
Import Debian changelog version 5.22.9-0.1

libphp-adodb (5.22.9-0.1) unstable; urgency=high

* Non-maintainer upload.
* New upstream version 5.22.9 (Closes: #1104548, CVE-2025-46337)
------------------------------------------------------------------------
(this message was generated automatically)
--
Greetings

https://bugs.debian.org/1104548
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1104548@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Leandro Cunha <leandrocunha016@gmail.com> (supplier of updated libphp-adodb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Fri, 02 May 2025 10:48:03 -0300
Source: libphp-adodb
Architecture: source
Version: 5.22.9-0.1
Distribution: unstable
Urgency: high
Maintainer: Cameron Dale <camrdale@gmail.com>
Changed-By: Leandro Cunha <leandrocunha016@gmail.com>
Closes: 1104548
Changes:
libphp-adodb (5.22.9-0.1) unstable; urgency=high
.
* Non-maintainer upload.
* New upstream version 5.22.9 (Closes: #1104548, CVE-2025-46337)
I'm closing this bug because the upload to the unstable version has already been done. And only after approval from the teams involved for the package to be approved in stable versions. However, Salvatore would already be aware of the fix and could do it. But if you want me to do it, just let me know. The package will also be migrated to testing if it is unlocked. All work carried out would be cooperative work between teams and maintainers for stable versions.

Cheers,
Leandro Cunha
Hi,

NEWS! The fix's entry into stable awaits approval from the release team on the bug below.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104821

Leandro
We believe that the bug you reported is fixed in the latest version of
libphp-adodb, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1104548@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Leandro Cunha <leandrocunha016@gmail.com> (supplier of updated libphp-adodb package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
Format: 1.8
Date: Tue, 06 May 2025 18:39:03 -0300
Source: libphp-adodb
Binary: libphp-adodb
Architecture: source all
Version: 5.21.4-1+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: Cameron Dale <camrdale@gmail.com>
Changed-By: Leandro Cunha <leandrocunha016@gmail.com>
Description:
libphp-adodb -
Closes: 1104548
Changes:
libphp-adodb (5.21.4-1+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload.
+ Fix SQL injection in pg_insert_id(). (Closes: #1104548, CVE-2025-46337)