Debian alert DLA-4340-1 (libphp-adodb)
| From: | rouca@debian.org | |
| To: | <debian-lts-announce@lists.debian.org> | |
| Subject: | [SECURITY] [DLA 4340-1] libphp-adodb security update | |
| Date: | Mon, 20 Oct 2025 16:33:49 +0200 | |
| Message-ID: | <afdfabe6be86ea4d83e2928bbe81990d@debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4340-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Bastien Roucariès October 20, 2025 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : libphp-adodb Version : 5.20.19-1+deb11u3 CVE ID : CVE-2025-54119 Debian Bug : 1110464 libphp-adodb, a class library that provides abstractions for performing queries and managing databases, was affected by a vulnerability. Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 or sqlite database and calls the metaColumns(), metaForeignKeys() or metaIndexes() methods with a crafted table name. For Debian 11 bullseye, this problem has been fixed in version 5.20.19-1+deb11u3. We recommend that you upgrade your libphp-adodb packages. For the detailed security status of libphp-adodb please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libphp-adodb Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmj2SE0ACgkQADoaLapB CF9zHBAAmhs1gt1nd5bKwwX3ouEpDAyCGLjBgz1ChI/GExQabiJDr/indN0eD9sa 0Z6+HTwhtL7ESYQ8CWhHZuBK1JQwKlAm/nUU2iRvlp+5QDPfJCKVxj/yuScUB3UV W3SEUsIrvA5PvyEYxXgJAACSeRvVqOkXNzOH6QGXcFXbFg56I81czXCCaZuVy63q eq4A/2QQqmrern6mA6wcJ47jjWeZFmDoUpCTsm48fJPI7Z+mDP5CCUTKHiA3NsGS hx8Kv4oCD2L7tcCRs0MfKscADUaiLSmjNEnXLQ2+hA7xa3BTyafGjt5bE1g3TAUj igSdTcANa4zCqy0Spzbkcqi1Lnnpg3hd6nGC+Ct+qoOSl2aiMptDjEtyYo2UA9Yt XNf3Qqr3SUDx3sFWC2L+dAqOZP7nGvmUnrQuSlmwrWSpTf4rz+XhSsOv89hfOzEc sHiVR+I09KADmFxELarFo+d4V8y6VDjeBk6U6AUdQxsRrd539wsi7UV1klsC/2hd X0Vlg3IE7AbjEZDb/d4bXcHu6bW7sBKjNDYMrFzK4pomZLgyQ2lZtllqUnhGlqoO xfHSbOIPLd3cH1C6bk3TFXXE0WdouT4fnmwYfmGTAxWOjeFUIpQ99NbDETzweM09 Lfp1YYXfPf8/NhTiUvoEV6b/ka1Xi8UKWscE3vImbM1gZ/sOEFE= =BgDF -----END PGP SIGNATURE-----