
Bug 832208 (CVE-2021-3850)

Summary: <dev-php/adodb-5.21.4: postgresql authentication bypass
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: IN_PROGRESS ---
Severity: minor
CC: mjo, php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-28 13:58:35 UTC
CVE-2021-3850:

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

Patch: https://github.com/adodb/adodb/commit/952de6c4273d9b1e91c2b838044f8c2111150c29

Fix in 5.20.21, 5.21.4, please bump.
Comment 1 Larry the Git Cow gentoo-dev 2022-01-30 15:22:27 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d52de2552e38f4bd8dcf9c4721731e355b6b0f01

commit d52de2552e38f4bd8dcf9c4721731e355b6b0f01
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2022-01-30 15:20:26 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2022-01-30 15:21:03 +0000

    dev-php/adodb: new upstream release to fix CVE-2021-3850.
    
    Bug: https://bugs.gentoo.org/832208
    Package-Manager: Portage-3.0.30, Repoman-3.0.3
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 dev-php/adodb/Manifest            |  1 +
 dev-php/adodb/adodb-5.21.4.ebuild | 40 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-30 19:00:32 UTC
Thanks! Please stable when ready
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-16 22:49:40 UTC
Stabilized a few days ago:

commit 95cafdbbabb91d6647851104876a73c47b05aa68
Author: Michael Orlitzky <mjo@gentoo.org>
Date:   Sun Aug 7 09:09:17 2022 -0400

    dev-php/adodb: stabilize 5.21.4

    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>