Debian Bug report logs -
#349985
various unfixed security bugs
Reported by: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 26 Jan 2006 13:03:05 UTC
Severity: grave
Tags: fixed, security
Found in version libphp-adodb/4.64-4
Fixed in version 4.72-0.1
Done: "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Thorsten Sauter <tsauter@debian.org>
:
Bug#349985
; Package libphp-adodb
.
(full text, mbox, link).
Acknowledgement sent to Florian Weimer <fw@deneb.enyo.de>
:
New Bug report received and forwarded. Copy sent to Thorsten Sauter <tsauter@debian.org>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libphp-adodb
Tags: security
Severity: grave
The package seems to contain at least the following vulnerabilities:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0146>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0147>
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410>
<http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718>
Information forwarded to debian-bugs-dist@lists.debian.org, Thorsten Sauter <tsauter@debian.org>
:
Bug#349985
; Package libphp-adodb
.
(full text, mbox, link).
Acknowledgement sent to Micah Anderson <micah@debian.org>
:
Extra info received and forwarded to list. Copy sent to Thorsten Sauter <tsauter@debian.org>
.
(full text, mbox, link).
Message #10 received at 349985@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libphp-adodb
Version: 4.64-4
Followup-For: Bug #349985
Hello,
Please find attached a patch which details the changes to your package
that are included in the NMU uploaded to the DELAYED-3 day queue. This
patch shows the package changes, since your package includes a tarball
I have excluded that from the diff, but be advised that this NMU
contains an upgrade to a newer release, so the tarball contained within
this NMU package is of that release.
Micah
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15+vserver
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libphp-adodb depends on:
ii debconf [debconf-2.0] 1.4.72 Debian configuration management sy
ii libapache-mod-php4 [phpapi- 4:4.4.2-1+b1 server-side, HTML-embedded scripti
ii libapache2-mod-php4 [phpapi 4:4.4.2-1+b1 server-side, HTML-embedded scripti
Versions of packages libphp-adodb recommends:
ii php4-mysql 4:4.4.2-1+b1 MySQL module for php4
pn php4-odbc | php5-odbc <none> (no description available)
pn php4-pgsql | php5-pgsql <none> (no description available)
pn php4-sybase | php5-sybase <none> (no description available)
-- debconf information excluded
[libphp-adodb-4.72-0.1.patch (text/plain, attachment)]
Tags added: fixed
Request was from Micah Anderson <micah@debian.org>
to control@bugs.debian.org
.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Thorsten Sauter <tsauter@debian.org>
:
Bug#349985
; Package libphp-adodb
.
(full text, mbox, link).
Acknowledgement sent to Cameron Dale <camrdale@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Thorsten Sauter <tsauter@debian.org>
.
(full text, mbox, link).
Message #17 received at 349985@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Attached are the patches I have prepared that backports the fixes of
these vulnerabilities to the version in sarge (4.52-1).
--
Cameron Dale
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Thorsten Sauter <tsauter@debian.org>
:
Bug#349985
; Package libphp-adodb
.
(full text, mbox, link).
Acknowledgement sent to Cameron Dale <camrdale@gmail.com>
:
Extra info received and forwarded to list. Copy sent to Thorsten Sauter <tsauter@debian.org>
.
(full text, mbox, link).
Message #22 received at 349985@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Attached are the patches I have prepared that backports the fixes of
these vulnerabilities to the version in sarge (4.52-1).
They're really attached this time.
--
Cameron Dale
[01_server.php.patch (text/plain, attachment)]
[02_tmssql.php.patch (text/plain, attachment)]
[03_adodb-postgres64.inc.php.patch (text/plain, attachment)]
[signature.asc (application/pgp-signature, inline)]
Bug marked as fixed in version 4.72-0.1, send any further explanations to Florian Weimer <fw@deneb.enyo.de>
Request was from "Adam D. Barratt" <debian-bts@adam-barratt.org.uk>
to control@bugs.debian.org
.
(full text, mbox, link).
Message sent on to Florian Weimer <fw@deneb.enyo.de>
:
Bug#349985.
(full text, mbox, link).
Message #27 received at 349985-submitter@bugs.debian.org (full text, mbox, reply):
Hi,
You should have recently received (or will soon receive) an e-mail
telling you that I've closed Debian bug #349985 in the libphp-adodb
package, which you reported.
Due to the fact that the package was uploaded by someone who does not
normally do so, the bug was marked as "fixed" rather than closed.
Debian's bug tracking system now allows for this information to be
recorded in a more useful manner, enabling these bugs to be closed.
Due to the volume of bugs affected by this change, we are unfortunately
not sending individualized explanations for each bug. If you have
questions about the fix for your particular bug or about this email,
please contact me directly or follow up to the bug report in the Debian
BTS.
[It's possible you may receive multiple messages stating that the bug
was fixed in several different versions of the package. There are two
common reasons for this:
- the bug was fixed in one version but subsequently found to exist
in a later version
- the bug existed in multiple distributions (for instance, "unstable"
and "stable") and was thus fixed in a separate upload to each
distribution
]
Regards,
Adam
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Tue, 26 Jun 2007 21:55:38 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:29:48 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.