[SECURITY] [DLA 2912-1] libphp-adodb security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2912-1] libphp-adodb security update
From: Utkarsh Gupta <utkarsh@debian.org>
Date: Sun, 6 Feb 2022 14:38:39 +0530
Message-id: <[🔎] CAPP0f96p8AJpd0NWYeYY4driDkSpPT6n1XVL=eOsC_B_Qs1Ujg@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2912-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
February 06, 2022                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : libphp-adodb
Version        : 5.20.9-1+deb9u1
CVE ID         : CVE-2021-3850
Debian Bug     : 1004376

It was found that in libphp-adodb, a PHP database abstraction layer
library, an attacker can inject values into the PostgreSQL connection
string by bypassing adodb_addslashes(). The function can be bypassed
in phppgadmin, for example, by surrounding the username in quotes and
submitting with other parameters injected in between.

For Debian 9 stretch, this problem has been fixed in version
5.20.9-1+deb9u1.

We recommend that you upgrade your libphp-adodb packages.

For the detailed security status of libphp-adodb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libphp-adodb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmH/j+EACgkQgj6WdgbD
S5bnQRAAm8IESM/+omLfwgGS7izrEII/lleYRRkXHdrOWogtOk/uFdYxwY9arYbM
yz+SSWPVbKFP/HyfTuna0uGCK85URfKmQ9EbqNVQuxeGBVWRJ+BG16uWgBVcV6up
A5h4wI5yQCLbTth0+zYVfbT4tQ86F1z5gB3x4fN84cFPgSzVf6KkYYuWzBgu9HCl
cT5f03DIty9SzjE+jTbjS49uAZra7NNzpsMxhlO9NmYR8uRmk0BgbpbbthxINBVs
buXg0XpvYuBm5PadPmBS1q0qUv1A2gphxAoKDXPxhPMDFJk9+VEoYFLzH786vtBA
OquVxKZtckGFQh8M/iwqJXiQ8/48WPFnhngMmkMJOX0bJiARlj4x7ETRXSqn8zxC
iobtuUW9gJwVveWwnxj+tjW1cAOYuPORl05Z7OypGnXDePwekqlxroBl+eqT4H1s
xzwyTUcU9luh7DtBcYbzI05MnMr34WboV7e/nynPwoItEhVh+7B5RN5xQWux4cmi
REdw3t7dolLZ9ch6ay/t+QpwUIoa86aYc9AeNYVMGHrL/JbQCQXqAhVcTHECCpP5
2ce/ohEko7hexOaRYdAQm908yRcE0bRJIbBFJ9dOY03HqV/oFsYZwqJOa/CP6W/R
W6YGbK83RkqpOAXWWDHDJkU8xYL8CHHClGvSSzzbSfKgUw0DiW8=
=gkeH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2910-1] ldns security update
Next by Date: [SECURITY] [DLA 2913-1] xterm security update
Previous by thread: [SECURITY] [DLA 2910-1] ldns security update
Next by thread: [SECURITY] [DLA 2913-1] xterm security update
Index(es):
- Date
- Thread