Bug 120215 - dev-php/adodb: PostgreSQL SQL Injection in adodb < 4.7.1
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/advisories/18575/
Whiteboard: B3 [glsa] DerCorny
Reported: 2006-01-24 12:37 UTC by Rob M.
Modified: 2006-02-06 10:24 UTC

Description Rob M. 2006-01-24 12:37:53 UTC
Improper input sanitization in adodb < 4.7.1 allows SQL Injection attacks against those using PostgreSQL in conjunction with ADOdb.

Supposedly does not affect MySQL users of ADOdb.

Upgrade also fixes several DSN bugs.

Resolution: upgrade adodb to 4.7.1

original bug: 

http://phplens.com/lens/lensforum/msgs.php?id=14365

http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718

Credit: Andy Staudacher
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-24 12:53:24 UTC
php, please provide fixed packages.
Comment 2 Luca Longinotti (RETIRED) gentoo-dev 2006-01-24 13:14:04 UTC
dev-php/adodb-4.71 is in the tree.
Best regards, CHTEKK.
Comment 3 Stefan Cornelius (RETIRED) gentoo-dev 2006-01-24 13:23:14 UTC
arches, eternal damnation aka testing and stabling (right gustavosz ;) is required here. thanks in advance
Comment 4 Gustavo Zacarias (RETIRED) gentoo-dev 2006-01-25 10:58:19 UTC
This isn't sparc stable...
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2006-01-25 11:54:30 UTC
stable on ppc64
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-01-25 13:27:40 UTC
ppc stable
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2006-01-26 14:17:02 UTC
Stable on alpha + ia64.
Comment 8 Simon Stelling (RETIRED) gentoo-dev 2006-01-27 04:07:28 UTC
amd64 stable
Comment 9 Mark Loeser (RETIRED) gentoo-dev 2006-01-27 16:50:04 UTC
x86 done
Comment 10 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-04 07:57:02 UTC
ready for glsa vote, I tend to a yes.
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-02-04 09:21:07 UTC
I tend to vote YES too.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-02-04 09:34:12 UTC
ok, we'll have a glsa then
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-02-06 10:24:07 UTC
GLSA 200602-02