mahara-contributors team mailing list archive

Thread
Date

[Bug 1962792] A change has been merged

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Mahara Bot <1962792@xxxxxxxxxxxxxxxxxx>
Date: Wed, 13 Apr 2022 04:15:01 -0000
Reply-to: Bug 1962792 <1962792@xxxxxxxxxxxxxxxxxx>
Sender: noreply@xxxxxxxxxxxxx

Reviewed:  https://reviews.mahara.org/c/mahara/+/12595
Committed: https://git.mahara.org/mahara/mahara/commit/5fd4a38c286ba5824700cfa1a9eb653b4365f351
Submitter: "Robert Lyon <robertl@xxxxxxxxxxxxxxx>"
Branch:    main

commit 5fd4a38c286ba5824700cfa1a9eb653b4365f351
Author: Dianne Tennent <dianne.tennent@xxxxxxxxxxxxxxx>
Date:   Tue Apr 12 17:19:46 2022 +1200

Bug #1962792: Update version info in adodb/readme.mahara

Change-Id: Id9df1a52b7055e8b1d0d8bc69bc6d59dd8d7eddb

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: mahara-contributors
https://bugs.launchpad.net/bugs/1962792

Title:
  Upgrade ADOdb from v5.21.1 to v5.22.0

Status in Mahara:
  Fix Committed

Bug description:
  https://github.com/ADOdb/ADOdb/blob/v5.22.0/docs/changelog.md

  Includes a security patch for drivers/adodb-postgres64.inc.php:
  https://github.com/ADOdb/ADOdb/security/advisories/GHSA-65mj-7c86-79jf

  An attacker can inject values into a PostgreSQL connection string by
  providing a parameter surrounded by single quotes.

  Depending on how the library is used in the client software, this may
  allow an attacker to bypass the login process, gain access to the
  server's IP address, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1962792/+subscriptions

References

[Bug 1962792] [NEW] Upgrade ADOdb from v5.21.1 to v5.22.0
From: Dianne Tennent, 2022-03-03