Package: moodle
Severity: important
Tags: patch
CVE-2006-0410
Andy Staudacher discovered a PostgreSQL SQL injection
vulnerability in libphp-adodb due to a failure to properly sanitize
user-supplied input before using it in a SQL query.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0410
The attached patch is what upstream used to fix this vulnerability.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15+vserver
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
diff -Nur libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php
--- libphp-adodb-4.52/build-tree/adodb/drivers/adodb-postgres64.inc.php 2004-08-10 01:26:27.000000000 -0700
+++ libphp-adodb-4.52.new/build-tree/adodb/drivers/adodb-postgres64.inc.php 2006-03-24 15:49:22.000000000 -0800
@@ -214,7 +214,7 @@
return $ret;
}
- /*
+
// if magic quotes disabled, use pg_escape_string()
function qstr($s,$magic_quotes=false)
{
@@ -223,7 +223,7 @@
return "'".pg_escape_string($s)."'";
}
if ($this->replaceQuote[0] == '\\'){
- $s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\0"),$s);
+ $s = adodb_str_replace(array('\\',"\0"),array('\\\\',"\\\\000"),$s);
}
return "'".str_replace("'",$this->replaceQuote,$s)."'";
}
@@ -232,7 +232,7 @@
$s = str_replace('\\"','"',$s);
return "'$s'";
}
- */
+
// Format date column in sql string given an input format that understands Y M D
