Gentoo Bug 120215 - dev-php/adodb: PostgresSQL SQL Injection in adodb < 4.7.1

First Last Prev Next No search results available Search page Enter new bug

Bug#:	120215
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Rob M. <thehandoftyr@gmail.com>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 120215 depends on:			Show dependency tree
Bug 120215 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2006-01-24 12:37 0000

improper input sanitation in adodb < 4.7.1 allows SQL Injection attacks against
those using PostgresSQL in conjunction with ADOdb.

supposedly does not affect MySQL users of ADOdb.

upgrade also fixes several DSN bugs.

Resolution: upgrade adodb to 4.7.1

original bug: 

http://phplens.com/lens/lensforum/msgs.php?id=14365

http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718

Credit: Andy Staudacher

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-01-24 12:53:24 0000 -------

php, please provide fixed packages.

------- Comment #2 From Luca Longinotti 2006-01-24 13:14:04 0000 -------

dev-php/adodb-4.71 is in the tree.
Best regards, CHTEKK.

------- Comment #3 From Stefan Cornelius (RETIRED) 2006-01-24 13:23:14 0000 -------

arches, eternal damnation aka testing and stabling (right gustavosz ;) is
required here. thanks in advance

------- Comment #4 From Gustavo Zacarias (RETIRED) 2006-01-25 10:58:19 0000 -------

This isn't sparc stable...

------- Comment #5 From Markus Rothe 2006-01-25 11:54:30 0000 -------

stable on ppc64

------- Comment #6 From Tobias Scherbaum 2006-01-25 13:27:40 0000 -------

ppc stable

------- Comment #7 From Bryan Østergaard (RETIRED) 2006-01-26 14:17:02 0000 -------

Stable on alpha + ia64.

------- Comment #8 From Simon Stelling (RETIRED) 2006-01-27 04:07:28 0000 -------

amd64 stable

------- Comment #9 From Mark Loeser 2006-01-27 16:50:04 0000 -------

x86 done

------- Comment #10 From Stefan Cornelius (RETIRED) 2006-02-04 07:57:02 0000 -------

ready for glsa vote, I tend to a yes.

------- Comment #11 From Sune Kloppenborg Jeppesen 2006-02-04 09:21:07 0000 -------

I tend to vote YES too.

------- Comment #12 From Stefan Cornelius (RETIRED) 2006-02-04 09:34:12 0000 -------

ok, we'll have a glsa then

------- Comment #13 From Sune Kloppenborg Jeppesen 2006-02-06 10:24:07 0000 -------

GLSA 200602-02

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 120215

dev-php/adodb: PostgresSQL SQL Injection in adodb < 4.7.1

Last modified: 2006-02-06 10:24:07 0000