Field | Value
---|---
Summary: | dev-php/adodb-5.20.9: multiple vulnerabilities (CVE-2016-{4855,7405})
Product: | Gentoo Security
Reporter: | Thomas Deutschmann (RETIRED) <whissi>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
CC: | php-bugs
Priority: | Normal
Flags: | stable-bot: sanity-check+
Version: | unspecified
Hardware: | All
OS: | Linux
Whiteboard: | B2 [glsa cve]
Package list: | =dev-php/adodb-5.20.9
Runtime testing required: | ---
Description

Thomas Deutschmann (RETIRED) 2017-01-05 01:27:17 UTC

Fixed version already in tree via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf5ef14a19396a61ea2905aaf00851b9d51b17cd

@ Maintainer(s): Can we stabilize =dev-php/adodb-5.20.9?

CVE-2016-7405 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7405): The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x before 5.20.7 might allow remote attackers to conduct SQL injection attacks via vectors related to incorrect quoting.

(In reply to Thomas Deutschmann from comment #1)
> @ Maintainer(s): Can we stabilize =dev-php/adodb-5.20.9?

It's probably OK. I just noticed the CVEs in the changelog and bumped this, but I haven't updated to it on our servers yet. Let's start the process; I'll update to it myself, and come back and make noise if I notice any problems.

@ Arches, please test and mark stable: =dev-php/adodb-5.20.9

Stable on alpha.

amd64 stable

x86 stable

sparc stable

ppc stable

ia64 stable

ppc64 stable

Stable for HPPA.

jer cleaned up for me? I don't mind =P

The vulnerable versions are gone. New GLSA request filed.

This issue was resolved and addressed in GLSA 201701-59 at https://security.gentoo.org/glsa/201701-59 by GLSA coordinator Aaron Bauman (b-man).