mahara-contributors team mailing list archive
  
  - 
     mahara-contributors team mahara-contributors team
- 
    Mailing list archive
  
- 
    Message #65211
  
 [Bug 1962792] [NEW] Upgrade ADOdb from	v5.21.1 to v5.22.0
  
Public bug reported:
https://github.com/ADOdb/ADOdb/blob/v5.22.0/docs/changelog.md
Includes a security patch for drivers/adodb-postgres64.inc.php:
https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
An attacker can inject values into a PostgreSQL connection string by
providing a parameter surrounded by single quotes.
Depending on how the library is used in the client software, this may
allow an attacker to bypass the login process, gain access to the
server's IP address, etc.
** Affects: mahara
     Importance: Undecided
         Status: New
-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1962792
Title:
  Upgrade ADOdb from v5.21.1 to v5.22.0
Status in Mahara:
  New
Bug description:
  https://github.com/ADOdb/ADOdb/blob/v5.22.0/docs/changelog.md
  Includes a security patch for drivers/adodb-postgres64.inc.php:
  https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf
  An attacker can inject values into a PostgreSQL connection string by
  providing a parameter surrounded by single quotes.
  Depending on how the library is used in the client software, this may
  allow an attacker to bypass the login process, gain access to the
  server's IP address, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1962792/+subscriptions
Follow ups
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Gold, 2022-04-27
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Doris Tam, 2022-04-19
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Robert Lyon, 2022-04-18
- 
   [Bug 1962792] A patch has been submitted for	review
  
 From: Mahara Bot, 2022-04-13
- 
   [Bug 1962792] A change has been merged
  
 From: Mahara Bot, 2022-04-13
- 
   [Bug 1962792] A patch has been submitted for	review
  
 From: Mahara Bot, 2022-04-13
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Robert Lyon, 2022-04-13
- 
   [Bug 1962792] A change has been merged
  
 From: Mahara Bot, 2022-04-13
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Robert Lyon, 2022-04-12
- 
   [Bug 1962792] A patch has been submitted for	review
  
 From: Mahara Bot, 2022-04-12
- 
   [Bug 1962792] A change has been merged
  
 From: Mahara Bot, 2022-03-09
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Robert Lyon, 2022-03-09
- 
   [Bug 1962792] Re: Upgrade ADOdb from v5.21.1	to v5.22.0
  
 From: Kristina Hoeppner, 2022-03-06
- 
   [Bug 1962792] A patch has been submitted for	review
  
 From: Mahara Bot, 2022-03-03