Merge ~federicoquattrin/ubuntu-cve-tracker:update_libphp-adodb_cves into ubuntu-cve-tracker:master

Proposed by Federico Quattrin
Status: Merged
Merged at revision: 314d1e95080e5acd64bcc5e8b8272c4cb8e2b7ee
Proposed branch: ~federicoquattrin/ubuntu-cve-tracker:update_libphp-adodb_cves
Merge into: ubuntu-cve-tracker:master
Diff against target: 134 lines (+36/-30)
3 files modified
active/CVE-2016-4855 (+3/-1)
active/CVE-2016-7405 (+21/-19)
active/CVE-2021-3850 (+12/-10)
Reviewer: Emilia Torino
Review status: Approve
Review via email: mp+467206@code.launchpad.net

Commit message

updated CVE-2016-4855, CVE-2016-7405, and CVE-2021-3850

Description of the change

updated CVE-2016-4855, CVE-2016-7405, and CVE-2021-3850

Emilia Torino (emitorino) wrote:

- I think you missed running ./scripts/cve_need_retire since 2 of the CVEs can be retired and the script suggests it.

- See other minor comments added below.

I am approving/merging this anyway so CVE fixes are in sync with the USN, but let's fix the other issues in a follow-up MP.

review: Approve
Emilia Torino (emitorino) wrote:

Ah, you can also unassign yourself from the 3 CVEs.

Preview Diff

1diff --git a/active/CVE-2016-4855 b/active/CVE-2016-4855
2index a1be28b..6e84857 100644
3--- a/active/CVE-2016-4855
4+++ b/active/CVE-2016-4855
5@@ -1,8 +1,10 @@
6+PublicDateAtUSN: 2017-05-12 18:29:00 UTC
7 Candidate: CVE-2016-4855
8 PublicDate: 2017-05-12 18:29:00 UTC
9 References:
10 https://jvn.jp/en/jp/JVN48237713/
11 https://www.cve.org/CVERecord?id=CVE-2016-4855
12+ https://ubuntu.com/security/notices/USN-6825-1
13 Description:
14 Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows
15 remote attackers to inject arbitrary web script or HTML via unspecified
16@@ -27,7 +29,7 @@ trusty/esm_libphp-adodb: DNE (trusty was released [5.15-1+deb7u1build0.14.04.1])
17 vivid/stable-phone-overlay_libphp-adodb: DNE
18 vivid/ubuntu-core_libphp-adodb: DNE
19 xenial_libphp-adodb: ignored (end of standard support, was needed)
20-esm-apps/xenial_libphp-adodb: needed
21+esm-apps/xenial_libphp-adodb: released (5.20.3-1ubuntu1+esm1)
22 yakkety_libphp-adodb: ignored (end of life)
23 zesty_libphp-adodb: ignored (end of life)
24 artful_libphp-adodb: ignored (end of life)
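Review bot: with esm-apps/xenial_libphp-adodb moved to released (5.20.3-1ubuntu1+esm1), none of the status lines shown for CVE-2016-4855 is left as needed or needs-triage (the rest are DNE, ignored or released), so this file is a candidate for retiring out of active/; this is what the reviewer's remark about ./scripts/cve_need_retire points at, and running it in the follow-up MP keeps the tracker consistent with the USN-6825-1 reference added above.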
25diff --git a/active/CVE-2016-7405 b/active/CVE-2016-7405
26index b93a234..7dc49ac 100644
27--- a/active/CVE-2016-7405
28+++ b/active/CVE-2016-7405
29@@ -1,3 +1,4 @@
30+PublicDateAtUSN: 2016-10-03 18:59:00 UTC
31 Candidate: CVE-2016-7405
32 PublicDate: 2016-10-03 18:59:00 UTC
33 References:
34@@ -5,6 +6,7 @@ References:
35 https://github.com/ADOdb/ADOdb/commit/bd9eca9
36 http://www.openwall.com/lists/oss-security/2016/09/07/8
37 https://www.cve.org/CVERecord?id=CVE-2016-7405
38+ https://ubuntu.com/security/notices/USN-6825-1
39 Description:
40 The qstr method in the PDO driver in the ADOdb Library for PHP before 5.x
41 before 5.20.7 might allow remote attackers to conduct SQL injection attacks
42@@ -28,25 +30,25 @@ trusty/esm_libphp-adodb: DNE (trusty was released [5.15-1+deb7u1build0.14.04.1])
43 vivid/stable-phone-overlay_libphp-adodb: DNE
44 vivid/ubuntu-core_libphp-adodb: DNE
45 xenial_libphp-adodb: ignored (end of standard support, was needed)
46-esm-apps/xenial_libphp-adodb: needed
47+esm-apps/xenial_libphp-adodb: released (5.20.3-1ubuntu1+esm1)
48 yakkety_libphp-adodb: ignored (end of life)
49 zesty_libphp-adodb: ignored (end of life)
50 artful_libphp-adodb: ignored (end of life)
51-bionic_libphp-adodb: not-affected
52-esm-apps/bionic_libphp-adodb: not-affected
53-cosmic_libphp-adodb: not-affected
54-disco_libphp-adodb: not-affected
55-eoan_libphp-adodb: not-affected
56-focal_libphp-adodb: not-affected
57-esm-apps/focal_libphp-adodb: not-affected
58-groovy_libphp-adodb: not-affected
59-hirsute_libphp-adodb: not-affected
60-impish_libphp-adodb: not-affected
61-jammy_libphp-adodb: not-affected
62-esm-apps/jammy_libphp-adodb: not-affected
63-kinetic_libphp-adodb: not-affected
64-lunar_libphp-adodb: not-affected
65-mantic_libphp-adodb: not-affected
66-noble_libphp-adodb: not-affected
67-esm-apps/noble_libphp-adodb: not-affected
68-devel_libphp-adodb: not-affected
69+bionic_libphp-adodb: not-affected (5.20.6-1)
70+esm-apps/bionic_libphp-adodb: not-affected (5.20.6-1)
71+cosmic_libphp-adodb: not-affected (5.20.6-1)
72+disco_libphp-adodb: not-affected (5.20.6-1)
73+eoan_libphp-adodb: not-affected (5.20.6-1)
74+focal_libphp-adodb: not-affected (5.20.6-1)
75+esm-apps/focal_libphp-adodb: not-affected (5.20.6-1)
76+groovy_libphp-adodb: not-affected (5.20.6-1)
77+hirsute_libphp-adodb: not-affected (5.20.6-1)
78+impish_libphp-adodb: not-affected (5.20.6-1)
79+jammy_libphp-adodb: not-affected (5.20.6-1)
80+esm-apps/jammy_libphp-adodb: not-affected (5.20.6-1)
81+kinetic_libphp-adodb: not-affected (5.20.6-1)
82+lunar_libphp-adodb: not-affected (5.20.6-1)
83+mantic_libphp-adodb: not-affected (5.20.6-1)
84+noble_libphp-adodb: not-affected (5.20.6-1)
85+esm-apps/noble_libphp-adodb: not-affected (5.20.6-1)
86+devel_libphp-adodb: not-affected (5.20.6-1)
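Review bot: the version added to every not-affected entry, (5.20.6-1), is below the threshold in this file's own description, which says ADOdb before 5.20.7 might allow SQL injection, so the file does not explain why 5.20.6-1 is not affected; if the package already carries the fix from the referenced commit bd9eca9 as a distro patch, record that (for example under the Patches_libphp-adodb section, as the CVE-2021-3850 file has), otherwise point the justification at a version that includes the upstream fix. Separately, with esm-apps/xenial_libphp-adodb now released (5.20.3-1ubuntu1+esm1), the entries shown leave no needed or needs-triage status, so this is the second file the reviewer's ./scripts/cve_need_retire remark refers to.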
87diff --git a/active/CVE-2021-3850 b/active/CVE-2021-3850
88index 83094c3..e77671d 100644
89--- a/active/CVE-2021-3850
90+++ b/active/CVE-2021-3850
91@@ -1,3 +1,4 @@
92+PublicDateAtUSN: 2022-01-25 15:15:00 UTC
93 Candidate: CVE-2021-3850
94 PublicDate: 2022-01-25 15:15:00 UTC
95 References:
96@@ -5,6 +6,7 @@ References:
97 https://github.com/ADOdb/ADOdb/issues/793
98 https://huntr.dev/bounties/bdf5f216-4499-4225-a737-b28bc6f5801c
99 https://www.cve.org/CVERecord?id=CVE-2021-3850
100+ https://ubuntu.com/security/notices/USN-6825-1
101 Description:
102 Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb
103 prior to 5.20.21.
104@@ -21,20 +23,20 @@ CVSS:
105
106
107 Patches_libphp-adodb:
108-upstream_libphp-adodb: needs-triage
109+upstream_libphp-adodb: not-affected (5.21.0-1)
110 trusty_libphp-adodb: ignored (end of standard support)
111 xenial_libphp-adodb: ignored (end of standard support)
112-esm-apps/xenial_libphp-adodb: needs-triage
113+esm-apps/xenial_libphp-adodb: released (5.20.3-1ubuntu1+esm1)
114 bionic_libphp-adodb: ignored (end of standard support, was needed)
115-esm-apps/bionic_libphp-adodb: needed
116+esm-apps/bionic_libphp-adodb: released (5.20.9-1ubuntu0.1~esm1)
117 focal_libphp-adodb: needed
118-esm-apps/focal_libphp-adodb: needed
119+esm-apps/focal_libphp-adodb: released (5.20.16-1ubuntu0.1~esm1)
120 impish_libphp-adodb: ignored (end of life)
121-jammy_libphp-adodb: needs-triage
122-esm-apps/jammy_libphp-adodb: needs-triage
123+jammy_libphp-adodb: released (5.20.19-1ubuntu0.1)
124+esm-apps/jammy_libphp-adodb: not-affected (5.20.19-1ubuntu0.1)
125 kinetic_libphp-adodb: ignored (end of life, was needs-triage)
126 lunar_libphp-adodb: ignored (end of life, was needs-triage)
127-mantic_libphp-adodb: needs-triage
128-noble_libphp-adodb: needs-triage
129-esm-apps/noble_libphp-adodb: needs-triage
130-devel_libphp-adodb: needs-triage
131+mantic_libphp-adodb: not-affected (5.21.0-1)
132+noble_libphp-adodb: not-affected (5.21.0-1)
133+esm-apps/noble_libphp-adodb: not-affected (5.21.0-1)
134+devel_libphp-adodb: not-affected (5.21.0-1)
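Review bot: upstream_libphp-adodb is set to not-affected (5.21.0-1), but the description says the authentication bypass affects adodb prior to 5.20.21, so the upstream line should record the fix as released at the upstream version that closed it (5.20.21 per the description) rather than not-affected with a Debian packaging version; not-affected (5.21.0-1) reads correctly for mantic, noble, esm-apps/noble and devel, where it describes the packaged version. Also, focal_libphp-adodb is left as needed while esm-apps/focal_libphp-adodb becomes released (5.20.16-1ubuntu0.1~esm1); if the fix is shipped only through ESM Apps that is consistent, but worth confirming so the file is not left looking half-triaged.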
