Bug#1104821: bookworm-pu: package libphp-adodb/5.21.4-1.1+deb12u1
Hi,
I insisted on my intuition, which said that the versioning was wrong,
and checked with dpkg, which confirmed it. This has already been fixed
in my Salsa fork. Sorry.
dpkg --compare-versions 5.21.14-0.1+deb12u1 lt 5.21.14-1
echo $?
0 (true)
dpkg --compare-versions 5.21.14-1.1+deb12u1 lt 5.21.14-1
echo $?
1 (false)
lt: less than
Example: dpkg --compare-versions 1.0 lt 2.0 → true
le: less than or equal
Example: dpkg --compare-versions 1.0 le 1.0 → true
eq: equal
Example: dpkg --compare-versions 1.0 eq 1.0 → true
ne: not equal
Example: dpkg --compare-versions 1.0 ne 2.0 → true
ge: greater than or equal
Example: dpkg --compare-versions 2.0 ge 1.0 → true
gt: greater than
Example: dpkg --compare-versions 2.0 gt 1.0 → true
diffstat for libphp-adodb-5.21.4 libphp-adodb-5.21.4
changelog | 7 +++++
patches/00-fix-sec-pgsql-sql-injection.patch | 33 +++++++++++++++++++++++++++
patches/series | 1
3 files changed, 41 insertions(+)
diff -Nru libphp-adodb-5.21.4/debian/changelog libphp-adodb-5.21.4/debian/changelog
--- libphp-adodb-5.21.4/debian/changelog 2022-03-12 11:11:01.000000000 -0300
+++ libphp-adodb-5.21.4/debian/changelog 2025-05-06 18:39:03.000000000 -0300
@@ -1,3 +1,10 @@
+libphp-adodb (5.21.4-1.1+deb12u1) bookworm; urgency=high
+
+ * Non-maintainer upload.
+ + Fix SQL injection in pg_insert_id(). (Closes: #1104548, CVE-2025-46337)
+
+ -- Leandro Cunha <leandrocunha016@gmail.com> Tue, 06 May 2025 18:39:03 -0300
+
libphp-adodb (5.21.4-1) unstable; urgency=medium
* New upstream release. (Closes: #1004376)
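Review bot: the version on the first added line, 5.21.4-1.1+deb12u1, still has the -1.1+deb12u1 suffix that the dpkg --compare-versions check in the message reports as not "lt" the -1 revision, and the message says the versioning was wrong and is fixed in the Salsa fork, so this debdiff appears to carry the uncorrected entry. Regenerate the debdiff from the fixed changelog so that the version in the entry, the bug title and the upload agree. Note also that the comparisons in the message use 5.21.14 while the package here is 5.21.4; rerun the check with the real upstream version to be sure the result holds.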
diff -Nru libphp-adodb-5.21.4/debian/patches/00-fix-sec-pgsql-sql-injection.patch libphp-adodb-5.21.4/debian/patches/00-fix-sec-pgsql-sql-injection.patch
--- libphp-adodb-5.21.4/debian/patches/00-fix-sec-pgsql-sql-injection.patch 1969-12-31 21:00:00.000000000 -0300
+++ libphp-adodb-5.21.4/debian/patches/00-fix-sec-pgsql-sql-injection.patch 2025-05-04 11:35:10.000000000 -0300
@@ -0,0 +1,33 @@
+Description: Fix SQL injection in pg_insert_id()
+ Properly escape the $tablename and $fieldname parameters used to build
+ the sequence name.
+Forwarded: https://github.com/ADOdb/ADOdb/issues/1070
+Origin: https://github.com/ADOdb/ADOdb/commit/0774134f3311779495d16f74a35c872e353708c6.patch
+Bug-Debian: https://bugs.debian.org/1104548
+Author: Damien Regad <dregad@mantisbt.org>
+
+From 11107d6d6e5160b62e05dff8a3a2678cf0e3a426 Mon Sep 17 00:00:00 2001
+From: Damien Regad <dregad@mantisbt.org>
+Date: Sat, 26 Apr 2025 17:45:53 +0200
+Subject: [PATCH 1/2] Fix SQL injection in pg_insert_id()
+
+Properly escape the $tablename and $fieldname parameters used to build
+the sequence name.
+---
+ drivers/adodb-postgres64.inc.php | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/adodb-postgres64.inc.php b/drivers/adodb-postgres64.inc.php
+index b1d161d7c..5cbe77ed2 100644
+--- a/drivers/adodb-postgres64.inc.php
++++ b/drivers/adodb-postgres64.inc.php
+@@ -138,7 +138,8 @@ function IfNull( $field, $ifNull )
+ // get the last id - never tested
+ function pg_insert_id($tablename,$fieldname)
+ {
+- $result=pg_query($this->_connectionID, 'SELECT last_value FROM '. $tablename .'_'. $fieldname .'_seq');
++ $sequence = pg_escape_identifier($this->_connectionID, $tablename .'_'. $fieldname .'_seq');
++ $result = pg_query($this->_connectionID, 'SELECT last_value FROM '. $sequence);
+ if ($result) {
+ $arr = @pg_fetch_row($result,0);
+ pg_free_result($result);
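Review bot: the patch header does not identify one upstream commit consistently: "Origin:" points at 0774134f3311779495d16f74a35c872e353708c6 while the embedded mail header reads "From 11107d6d6e5160b62e05dff8a3a2678cf0e3a426" with "Subject: [PATCH 1/2]". Please confirm which commit this is and whether the second patch of that series is needed for the CVE-2025-46337 fix, and make the DEP-3 fields match. On the code itself, pg_escape_identifier() is applied to the whole concatenated string ($tablename .'_'. $fieldname .'_seq'), so the result is a single quoted identifier: a schema-qualified $tablename or a name that relied on case folding would no longer resolve the way the unquoted form did. That is the right trade-off for closing the injection, but it is worth a line in the changelog and a quick test against a caller, given the "never tested" comment above the function.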
diff -Nru libphp-adodb-5.21.4/debian/patches/series libphp-adodb-5.21.4/debian/patches/series
--- libphp-adodb-5.21.4/debian/patches/series 1969-12-31 21:00:00.000000000 -0300
+++ libphp-adodb-5.21.4/debian/patches/series 2025-05-03 17:02:59.000000000 -0300
@@ -0,0 +1 @@
+00-fix-sec-pgsql-sql-injection.patch