[SECURITY] [DLA 4340-1] libphp-adodb security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 4340-1] libphp-adodb security update
From: rouca@debian.org
Date: Mon, 20 Oct 2025 16:33:49 +0200
Message-id: <[🔎] afdfabe6be86ea4d83e2928bbe81990d@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4340-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Bastien RoucariÃ¨s
October 20, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libphp-adodb
Version        : 5.20.19-1+deb11u3
CVE ID         : CVE-2025-54119
Debian Bug     : 1110464

libphp-adodb, a class library that provides abstractions for performing queries and managing databases,
was affected by a vulnerability.

Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL
statements when the code using ADOdb connects to a sqlite3 or sqlite database and calls the
metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name.

For Debian 11 bullseye, this problem has been fixed in version
5.20.19-1+deb11u3.

We recommend that you upgrade your libphp-adodb packages.

For the detailed security status of libphp-adodb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libphp-adodb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmj2SE0ACgkQADoaLapB
CF9zHBAAmhs1gt1nd5bKwwX3ouEpDAyCGLjBgz1ChI/GExQabiJDr/indN0eD9sa
0Z6+HTwhtL7ESYQ8CWhHZuBK1JQwKlAm/nUU2iRvlp+5QDPfJCKVxj/yuScUB3UV
W3SEUsIrvA5PvyEYxXgJAACSeRvVqOkXNzOH6QGXcFXbFg56I81czXCCaZuVy63q
eq4A/2QQqmrern6mA6wcJ47jjWeZFmDoUpCTsm48fJPI7Z+mDP5CCUTKHiA3NsGS
hx8Kv4oCD2L7tcCRs0MfKscADUaiLSmjNEnXLQ2+hA7xa3BTyafGjt5bE1g3TAUj
igSdTcANa4zCqy0Spzbkcqi1Lnnpg3hd6nGC+Ct+qoOSl2aiMptDjEtyYo2UA9Yt
XNf3Qqr3SUDx3sFWC2L+dAqOZP7nGvmUnrQuSlmwrWSpTf4rz+XhSsOv89hfOzEc
sHiVR+I09KADmFxELarFo+d4V8y6VDjeBk6U6AUdQxsRrd539wsi7UV1klsC/2hd
X0Vlg3IE7AbjEZDb/d4bXcHu6bW7sBKjNDYMrFzK4pomZLgyQ2lZtllqUnhGlqoO
xfHSbOIPLd3cH1C6bk3TFXXE0WdouT4fnmwYfmGTAxWOjeFUIpQ99NbDETzweM09
Lfp1YYXfPf8/NhTiUvoEV6b/ka1Xi8UKWscE3vImbM1gZ/sOEFE=
=BgDF
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4339-1] imagemagick security update
Next by Date: [SECURITY] [DLA 4341-1] gegl security update
Previous by thread: [SECURITY] [DLA 4339-1] imagemagick security update
Next by thread: [SECURITY] [DLA 4341-1] gegl security update
Index(es):
- Date
- Thread