Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-12-02 Thread Abhijith PA
Uploaded libphp-adodb/5.22.9-0.1+deb13u1



Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-12-01 Thread Abhijith PA
Hi,

On 14/11/25 09:08 PM, Salvatore Bonaccorso wrote:
> Hi Abhijith,
> 
> On Thu, Nov 06, 2025 at 05:57:21PM +, Adam D. Barratt wrote:
> > Control: tags -1 + confirmed
> > 
> > On Mon, 2025-11-03 at 13:08 +0530, Abhijith PA wrote:
> > > There was a discussion internally with Debian security team, LTS team
> > > member rouca and Damien Regad and concluded that along with sqlite3,
> > > sqlite driver is also vulnerable.
> > > 
> > > I have fixed that and refreshed the debdiff. I am removing confirmed
> > > tag for this bug report to re-review.
> > 
> > The changelog should mention that both drivers are fixed.
> > 
> > With that done, please go ahead.
> 
> Did you see the ack from Adam?

Thanks. I did miss it.

--abhijith



Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-11-14 Thread Salvatore Bonaccorso
Hi Abhijith,

On Thu, Nov 06, 2025 at 05:57:21PM +, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Mon, 2025-11-03 at 13:08 +0530, Abhijith PA wrote:
> > There was a discussion internally with Debian security team, LTS team
> > member rouca and Damien Regad and concluded that along with sqlite3,
> > sqlite driver is also vulnerable.
> > 
> > I have fixed that and refreshed the debdiff. I am removing confirmed
> > tag for this bug report to re-review.
> 
> The changelog should mention that both drivers are fixed.
> 
> With that done, please go ahead.

Did you see the ack from Adam?

Regards,
Salvatore



Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-11-06 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Mon, 2025-11-03 at 13:08 +0530, Abhijith PA wrote:
> There was a discussion internally with Debian security team, LTS team
> member rouca and Damien Regad and concluded that along with sqlite3,
> sqlite driver is also vulnerable.
> 
> I have fixed that and refreshed the debdiff. I am removing confirmed
> tag for this bug report to re-review.

The changelog should mention that both drivers are fixed.

With that done, please go ahead.

Regards,

Adam



Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-11-03 Thread Abhijith PA

Hi,

There was a discussion internally with Debian security team, LTS team
member rouca and Damien Regad and concluded that along with sqlite3,
sqlite driver is also vulnerable.

I have fixed that and refreshed the debdiff. I am removing confirmed
tag for this bug report to re-review.

Please see
http://security.debian.org/pool/updates/main/libp/libphp-adodb/libphp-adodb_5.20.19-1+deb11u3.dsc

--abhijith
diff -Nru libphp-adodb-5.22.9/debian/changelog 
libphp-adodb-5.22.9/debian/changelog
--- libphp-adodb-5.22.9/debian/changelog2025-05-02 19:18:03.0 
+0530
+++ libphp-adodb-5.22.9/debian/changelog2025-09-23 12:44:45.0 
+0530
@@ -1,3 +1,10 @@
+libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464)
+
+ -- Abhijith PA   Tue, 23 Sep 2025 12:44:45 +0530
+
 libphp-adodb (5.22.9-0.1) unstable; urgency=high
 
   * Non-maintainer upload.
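
Review bot: The new changelog entry names only the sqlite3 driver, but this debdiff also adds debian/patches/CVE-2025-54119-2.patch, which changes drivers/adodb-sqlite.inc.php. The "Fix CVE-2025-54119" line should state that both the sqlite and sqlite3 drivers are fixed, ideally naming the two patch files, so the entry matches what is actually shipped.
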
diff -Nru libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch 
libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch
--- libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch   1970-01-01 
05:30:00.0 +0530
+++ libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch   2025-09-23 
12:44:45.0 +0530
@@ -0,0 +1,47 @@
+From 5b8bd52cdcffefb4ecded1b399c98cfa516afe03 Mon Sep 17 00:00:00 2001
+From: Damien Regad 
+Date: Sat, 19 Jul 2025 18:37:59 +0200
+Subject: [PATCH] Prevent SQL injection in sqlite3 driver
+
+Use query parameters instead of injecting the table name in the SQL, in
+the following methods:
+- metaColumns()
+- metaForeignKeys()
+- metaIndexes()
+
+Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
+
+Fixes #1083, CVE-2025-54119, GHSA-vf2r-cxg9-p7rf
+---
+--- a/drivers/adodb-sqlite.inc.php
 b/drivers/adodb-sqlite.inc.php
+@@ -95,7 +95,9 @@ class ADODB_sqlite extends ADOConnection
+   if ($this->fetchMode !== false) {
+   $savem = $this->SetFetchMode(false);
+   }
+-  $rs = $this->Execute("PRAGMA table_info('$table')");
++
++  $rs = $this->execute("PRAGMA table_info(?)", array($table));
++
+   if (isset($savem)) {
+   $this->SetFetchMode($savem);
+   }
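
Review bot: The header of CVE-2025-54119-2.patch is copied unchanged from the sqlite3 commit (same 5b8bd52c hash, subject "Prevent SQL injection in sqlite3 driver", and a method list that includes metaForeignKeys()), while its hunks change drivers/adodb-sqlite.inc.php and none of them touches a foreign-key query. Please reword the description to say this is an adaptation of the upstream fix for the sqlite driver and list only the methods actually changed, so the patch is not mistaken for a straight cherry-pick. In this hunk the call also changes from Execute to execute; PHP resolves method names case-insensitively, so it works, but keeping Execute would match the index-query hunk further down.
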
+@@ -167,7 +169,6 @@ class ADODB_sqlite extends ADOConnection
+   return ($col) ? "adodb_date2($fmt,$col)" : "adodb_date($fmt)";
+   }
+ 
+-
+   function _createFunctions()
+   {
+   @sqlite_create_function($this->_connectionID, 'adodb_date', 
'adodb_date', 1);
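
Review bot: The only change in this hunk is the removal of a blank line before _createFunctions(), which is unrelated to the injection fix. For a stable update it is better to drop the hunk so the patch carries only the security-relevant changes.
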
+@@ -318,8 +319,8 @@ class ADODB_sqlite extends ADOConnection
+   if ($this->fetchMode !== FALSE) {
+   $savem = $this->SetFetchMode(FALSE);
+   }
+-  $SQL=sprintf("SELECT name,sql FROM sqlite_master WHERE 
type='index' AND tbl_name='%s'", strtolower($table));
+-  $rs = $this->Execute($SQL);
++  $SQL="SELECT name,sql FROM sqlite_master WHERE type='index' AND 
tbl_name=?";
++  $rs = $this->Execute($SQL,[strtolower($table)]);
+   if (!is_object($rs)) {
+   if (isset($savem)) {
+   $this->SetFetchMode($savem);
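
Review bot: In the tbl_name=? query the bound value is lowercased with strtolower() but the column is compared as stored, so a table created with upper-case letters in its name is not found. The removed sprintf() line made the same comparison, so this is not a regression, but LOWER(tbl_name)=? would match what the sqlite3 driver's index query did. The hunk also passes [strtolower($table)] where the table_info hunk passes array($table); one array style across the patch would be tidier.
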
diff -Nru libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 
libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch
--- libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 1970-01-01 
05:30:00.0 +0530
+++ libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 2025-09-23 
12:44:45.0 +0530
@@ -0,0 +1,89 @@
+From 5b8bd52cdcffefb4ecded1b399c98cfa516afe03 Mon Sep 17 00:00:00 2001
+From: Damien Regad 
+Date: Sat, 19 Jul 2025 18:37:59 +0200
+Subject: [PATCH] Prevent SQL injection in sqlite3 driver
+
+Use query parameters instead of injecting the table name in the SQL, in
+the following methods:
+- metaColumns()
+- metaForeignKeys()
+- metaIndexes()
+
+Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
+
+Fixes #1083, CVE-2025-54119, GHSA-vf2r-cxg9-p7rf
+---
+ drivers/adodb-sqlite3.inc.php | 37 ++-
+ 1 file changed, 15 insertions(+), 22 deletions(-)
+
+diff --git a/drivers/adodb-sqlite3.inc.php b/drivers/adodb-sqlite3.inc.php
+index 7e5f5ffdc..564eec958 100644
+--- a/drivers/adodb-sqlite3.inc.php
 b/drivers/adodb-sqlite3.inc.php
+@@ -168,7 +168,9 @@ function MetaColumns($table, $normalize=true)
+   if ($this->fetchMode !== false) {
+   $savem = $this->SetFetchMode(false);
+   }
+-  $rs = $this->Execute("PRAGMA table_info('$table')");
++
++  $rs = $this->execute("PRAGMA table_info(?)", array($table));
++
+   if (isset($savem)) {
+   $this->SetFetchMode($savem);
+   }
+@@ -222,9 +224,8 @@ public function metaForeignKeys($table, $owner = '', 
$upper =  false, $associati
+ 

Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-11-01 Thread Adam D. Barratt
Control: tags -1 + confirmed

On Tue, 2025-09-23 at 13:18 +0530, Abhijith PA wrote:
> please approve the upload of package libphp-adodb to trixie
> to fix security issue. CVE-2025-54119

Please go ahead.

Regards,

Adam



Bug#1116017: trixie-pu: package libphp-adodb/5.22.9-0.1+deb13u1

2025-09-25 Thread Abhijith PA
Package: release.debian.org
Severity: normal
Tags: trixie
User: [email protected]
Usertags: pu
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:libphp-adodb

please approve the upload of package libphp-adodb to trixie
to fix security issue. CVE-2025-54119

[ Reason ]

There is a SQL injection vulnerability in the sqlite3 driver.

[ Impact ]
Impacts the use of sqlite3 driver where SQL injection is possible in
metaColumns(), metaForeignKeys() or metaIndexes() methods.

[ Tests ]
No tests in package. But the patch is backported from upstream without
any fuzz.

[ Risks ]
Unlikely. Patch backported from v5.22.10. Just a point version above.

[ Checklist ]
  [X] *all* changes are documented in the d/changelog
  [X] I reviewed all changes and I approve them
  [X] attach debdiff against the package in (old)stable
  [X] the issue is verified as fixed in unstable

--abhijith
diff -Nru libphp-adodb-5.22.9/debian/changelog 
libphp-adodb-5.22.9/debian/changelog
--- libphp-adodb-5.22.9/debian/changelog2025-05-02 19:18:03.0 
+0530
+++ libphp-adodb-5.22.9/debian/changelog2025-09-23 12:44:45.0 
+0530
@@ -1,3 +1,10 @@
+libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium
+
+  * Non-maintainer upload.
+  * Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464)
+
+ -- Abhijith PA   Tue, 23 Sep 2025 12:44:45 +0530
+
 libphp-adodb (5.22.9-0.1) unstable; urgency=high
 
   * Non-maintainer upload.
diff -Nru libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 
libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch
--- libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 1970-01-01 
05:30:00.0 +0530
+++ libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 2025-09-23 
12:44:45.0 +0530
@@ -0,0 +1,89 @@
+From 5b8bd52cdcffefb4ecded1b399c98cfa516afe03 Mon Sep 17 00:00:00 2001
+From: Damien Regad 
+Date: Sat, 19 Jul 2025 18:37:59 +0200
+Subject: [PATCH] Prevent SQL injection in sqlite3 driver
+
+Use query parameters instead of injecting the table name in the SQL, in
+the following methods:
+- metaColumns()
+- metaForeignKeys()
+- metaIndexes()
+
+Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
+
+Fixes #1083, CVE-2025-54119, GHSA-vf2r-cxg9-p7rf
+---
+ drivers/adodb-sqlite3.inc.php | 37 ++-
+ 1 file changed, 15 insertions(+), 22 deletions(-)
+
+diff --git a/drivers/adodb-sqlite3.inc.php b/drivers/adodb-sqlite3.inc.php
+index 7e5f5ffdc..564eec958 100644
+--- a/drivers/adodb-sqlite3.inc.php
 b/drivers/adodb-sqlite3.inc.php
+@@ -168,7 +168,9 @@ function MetaColumns($table, $normalize=true)
+   if ($this->fetchMode !== false) {
+   $savem = $this->SetFetchMode(false);
+   }
+-  $rs = $this->Execute("PRAGMA table_info('$table')");
++
++  $rs = $this->execute("PRAGMA table_info(?)", array($table));
++
+   if (isset($savem)) {
+   $this->SetFetchMode($savem);
+   }
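
Review bot: The table_info(?) call in MetaColumns() moves a PRAGMA argument to a placeholder, and the request says there are no tests in the package, so this path is unverified in trixie. SQLite's own grammar does not accept a bound parameter as a PRAGMA argument, so the result depends on how execute() delivers array($table) to the engine. Please run metaColumns() on the patched build against an existing table, and against a table name containing a single quote, and record the outcome in the request before upload.
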
+@@ -222,9 +224,8 @@ public function metaForeignKeys($table, $owner = '', 
$upper =  false, $associati
+ )
+   WHERE type != 'meta'
+ AND sql NOTNULL
+-AND LOWER(name) ='" . strtolower($table) . 
"'";
+-
+-  $tableSql = $this->getOne($sql);
++AND LOWER(name) = ?";
++  $tableSql = $this->getOne($sql, [strtolower($table)]);
+ 
+   $fkeyList = array();
+   $ylist = preg_split("/,+/",$tableSql);
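
Review bot: $tableSql from getOne() is passed straight to preg_split() on the last context line of this hunk, with no check for the case where the query returns no row. With the lookup now parameterised, an unknown table name simply matches nothing, so an early return when $tableSql is empty would keep metaForeignKeys() from parsing a non-string value.
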
+@@ -441,6 +442,7 @@ function metaIndexes($table, $primary = FALSE, $owner = 
false)
+   $savem = $this->SetFetchMode(FALSE);
+   }
+ 
++  $table = strtolower($table);
+   $pragmaData = array();
+ 
+   /*
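
Review bot: Reassigning the argument with $table = strtolower($table); at the top of metaIndexes() means every later use of $table in the function sees the lowercased name, not only the two queries. If only the queries need it, lowercasing at the bind site (as the metaForeignKeys() hunk does) or using a separate local variable keeps the change contained and easier to audit.
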
+@@ -449,26 +451,17 @@ function metaIndexes($table, $primary = FALSE, $owner = 
false)
+   */
+   if ($primary)
+   {
+-  $sql = sprintf('PRAGMA table_info([%s]);',
+- strtolower($table)
+- );
+-  $pragmaData = $this->getAll($sql);
++  $sql = 'PRAGMA table_info(?)';
++  $pragmaData = $this->getAll($sql, [$table]);
+   }
+ 
+-  /*
+-  * Exclude the empty entry for the primary index
+-  */
+-  $sqlite = "SELECT name,sql
+-   FROM sqlite_master
+-  WHERE type='index'
+-AND sql IS NOT NULL
+-AND LOWER(tbl_name)='%s'";
+-
+-  $SQL = sprintf($sqlite,
+-   strtolower($table)
+-