Version in base suite: 5.22.9-0.1 Base version: libphp-adodb_5.22.9-0.1 Target version: libphp-adodb_5.22.9-0.1+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/libp/libphp-adodb/libphp-adodb_5.22.9-0.1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/libp/libphp-adodb/libphp-adodb_5.22.9-0.1+deb13u1.dsc changelog | 7 +++ patches/CVE-2025-54119-2.patch | 47 +++++++++++++++++++++ patches/CVE-2025-54119.patch | 89 +++++++++++++++++++++++++++++++++++++++++ patches/series | 2 4 files changed, 145 insertions(+)
diff -Nru libphp-adodb-5.22.9/debian/changelog libphp-adodb-5.22.9/debian/changelog
--- libphp-adodb-5.22.9/debian/changelog 2025-05-02 13:48:03.000000000 +0000
+++ libphp-adodb-5.22.9/debian/changelog 2025-12-03 04:46:43.000000000 +0000
@@ -1,3 +1,10 @@
+libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium
+
+ * Non-maintainer upload.
+ * Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464)
+
+ -- Abhijith PA Wed, 03 Dec 2025 10:16:43 +0530
+
 libphp-adodb (5.22.9-0.1) unstable; urgency=high
 
 * Non-maintainer upload.
diff -Nru libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch
--- libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch 1970-01-01 00:00:00.000000000 +0000
+++ libphp-adodb-5.22.9/debian/patches/CVE-2025-54119-2.patch 2025-11-03 07:21:37.000000000 +0000
@@ -0,0 +1,47 @@
+From 5b8bd52cdcffefb4ecded1b399c98cfa516afe03 Mon Sep 17 00:00:00 2001
+From: Damien Regad
+Date: Sat, 19 Jul 2025 18:37:59 +0200
+Subject: [PATCH] Prevent SQL injection in sqlite3 driver
+
+Use query parameters instead of injecting the table name in the SQL, in
+the following methods:
+- metaColumns()
+- metaForeignKeys()
+- metaIndexes()
+
+Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
+
+Fixes #1083, CVE-2025-54119, GHSA-vf2r-cxg9-p7rf
+---
+--- a/drivers/adodb-sqlite.inc.php
++++ b/drivers/adodb-sqlite.inc.php
+@@ -95,7 +95,9 @@ class ADODB_sqlite extends ADOConnection
+ if ($this->fetchMode !== false) {
+ $savem = $this->SetFetchMode(false);
+ }
+- $rs = $this->Execute("PRAGMA table_info('$table')");
++
++ $rs = $this->execute("PRAGMA table_info(?)", array($table));
++
+ if (isset($savem)) {
+ $this->SetFetchMode($savem);
+ }
+@@ -167,7 +169,6 @@ class ADODB_sqlite extends ADOConnection
+ return ($col) ? "adodb_date2($fmt,$col)" : "adodb_date($fmt)";
+ }
+
+-
+ function _createFunctions()
+ {
+ @sqlite_create_function($this->_connectionID, 'adodb_date', 'adodb_date', 1);
+@@ -318,8 +319,8 @@ class ADODB_sqlite extends ADOConnection
+ if ($this->fetchMode !== FALSE) {
+ $savem = $this->SetFetchMode(FALSE);
+ }
+- $SQL=sprintf("SELECT name,sql FROM sqlite_master WHERE type='index' AND tbl_name='%s'", strtolower($table));
+- $rs = $this->Execute($SQL);
++ $SQL="SELECT name,sql FROM sqlite_master WHERE type='index' AND tbl_name=?";
++ $rs = $this->Execute($SQL,[strtolower($table)]);
+ if (!is_object($rs)) {
+ if (isset($savem)) {
+ $this->SetFetchMode($savem);
diff -Nru libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch
--- libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 1970-01-01 00:00:00.000000000 +0000
+++ libphp-adodb-5.22.9/debian/patches/CVE-2025-54119.patch 2025-09-23 07:20:11.000000000 +0000
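Review bot: The `?` in `$rs = $this->execute("PRAGMA table_info(?)", array($table));` is not a real SQLite bind: the PRAGMA grammar accepts only a literal name, number or string as its argument, so this line works only because ADOdb's Execute() appears to fall back to emulated binding for this driver and substitutes the escaped, quoted value (qstr) before the statement reaches sqlite — the same holds for the two PRAGMA lines in CVE-2025-54119.patch (MetaColumns and metaIndexes in adodb-sqlite3.inc.php). That is sound today, but a later switch of the driver to native prepared statements would make the PRAGMA fail while the sqlite_master queries keep working, so a comment on the line such as `// '?' is expanded by ADOdb's emulated binding; PRAGMA itself cannot take a bound parameter` would protect the fix. Separately, this patch's header is a verbatim copy of the sqlite3 commit (same hash 5b8bd52…) although that commit's own diffstat in CVE-2025-54119.patch lists only drivers/adodb-sqlite3.inc.php, so the DEP-3 origin of these legacy-driver hunks (upstream commit or Debian backport) should be recorded for auditability. Minor style point: the hunks mix `$this->execute(` and `$this->Execute(` casing. All three hunks are cut out of class ADODB_sqlite, whose methods start and end outside them.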
@@ -0,0 +1,89 @@
+From 5b8bd52cdcffefb4ecded1b399c98cfa516afe03 Mon Sep 17 00:00:00 2001
+From: Damien Regad
+Date: Sat, 19 Jul 2025 18:37:59 +0200
+Subject: [PATCH] Prevent SQL injection in sqlite3 driver
+
+Use query parameters instead of injecting the table name in the SQL, in
+the following methods:
+- metaColumns()
+- metaForeignKeys()
+- metaIndexes()
+
+Thanks to Marco Nappi (@mrcnpp) for reporting this vulnerability.
+
+Fixes #1083, CVE-2025-54119, GHSA-vf2r-cxg9-p7rf
+---
+ drivers/adodb-sqlite3.inc.php | 37 ++++++++++++++--------------------
+ 1 file changed, 15 insertions(+), 22 deletions(-)
+
+diff --git a/drivers/adodb-sqlite3.inc.php b/drivers/adodb-sqlite3.inc.php
+index 7e5f5ffdc..564eec958 100644
+--- a/drivers/adodb-sqlite3.inc.php
++++ b/drivers/adodb-sqlite3.inc.php
+@@ -168,7 +168,9 @@ function MetaColumns($table, $normalize=true)
+ if ($this->fetchMode !== false) {
+ $savem = $this->SetFetchMode(false);
+ }
+- $rs = $this->Execute("PRAGMA table_info('$table')");
++
++ $rs = $this->execute("PRAGMA table_info(?)", array($table));
++
+ if (isset($savem)) {
+ $this->SetFetchMode($savem);
+ }
+@@ -222,9 +224,8 @@ public function metaForeignKeys($table, $owner = '', $upper = false, $associati
+ )
+ WHERE type != 'meta'
+ AND sql NOTNULL
+- AND LOWER(name) ='" . strtolower($table) . "'";
+-
+- $tableSql = $this->getOne($sql);
++ AND LOWER(name) = ?";
++ $tableSql = $this->getOne($sql, [strtolower($table)]);
+
+ $fkeyList = array();
+ $ylist = preg_split("/,+/",$tableSql);
+@@ -441,6 +442,7 @@ function metaIndexes($table, $primary = FALSE, $owner = false)
+ $savem = $this->SetFetchMode(FALSE);
+ }
+
++ $table = strtolower($table);
+ $pragmaData = array();
+
+ /*
+@@ -449,26 +451,17 @@ function metaIndexes($table, $primary = FALSE, $owner = false)
+ */
+ if ($primary)
+ {
+- $sql = sprintf('PRAGMA table_info([%s]);',
+- strtolower($table)
+- );
+- $pragmaData = $this->getAll($sql);
++ $sql = 'PRAGMA table_info(?)';
++ $pragmaData = $this->getAll($sql, [$table]);
+ }
+
+- /*
+- * Exclude the empty entry for the primary index
+- */
+- $sqlite = "SELECT name,sql
+- FROM sqlite_master
+- WHERE type='index'
+- AND sql IS NOT NULL
+- AND LOWER(tbl_name)='%s'";
+-
+- $SQL = sprintf($sqlite,
+- strtolower($table)
+- );
+-
+- $rs = $this->execute($SQL);
++ // Exclude the empty entry for the primary index
++ $sql = "SELECT name,sql
++ FROM sqlite_master
++ WHERE type='index'
++ AND sql IS NOT NULL
++ AND LOWER(tbl_name)=?";
++ $rs = $this->execute($sql, [$table]);
+
+ if (!is_object($rs)) {
+ if (isset($savem)) {
diff -Nru libphp-adodb-5.22.9/debian/patches/series libphp-adodb-5.22.9/debian/patches/series
--- libphp-adodb-5.22.9/debian/patches/series 1970-01-01 00:00:00.000000000 +0000
+++ libphp-adodb-5.22.9/debian/patches/series 2025-11-03 07:21:29.000000000 +0000
@@ -0,0 +1,2 @@
+CVE-2025-54119.patch
+CVE-2025-54119-2.patch
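Review bot: In the metaForeignKeys hunk, `$tableSql = $this->getOne($sql, [strtolower($table)]);` depends on ADOdb's positional substitution, which splits the whole statement on every `?`; the SELECT held by `$sql` begins above the hunk, so confirm it contains no other literal `?` (in a string or comment), otherwise the table name would be spliced in at the wrong position. The lowercasing is now done three different ways in one patch — inline in metaForeignKeys, by rewriting the parameter with `$table = strtolower($table);` in metaIndexes, and not at all in MetaColumns — which presumably relies on sqlite matching identifiers case-insensitively; a short comment on the reassignment (`// sqlite_master stores names as created; normalise once for both queries below`) would make the intent explicit. A regression test that calls MetaColumns()/metaIndexes()/metaForeignKeys() with a table name containing a single quote, and once with a non-existent table, would pin both the escaping and the unchanged empty-result paths. MetaColumns, metaForeignKeys and metaIndexes all start and end outside their hunks.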