FSA/F7/FEDORA-2007-0249

From FedoraProject

< FSA | F7
Jump to: navigation, search

[SECURITY] Fedora 7 Update: php-pear-DB-1.7.11-1.fc7

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0249
2007-06-06 09:42:51.850807
--------------------------------------------------------------------------------

Name        : php-pear-DB
Product     : Fedora 7
Version     : 1.7.11
Release     : 1.fc7
Summary     : PEAR: Database Abstraction Layer
Description :
DB is a database abstraction layer providing:
* an OO-style query API
* portability features that make programs written for one DBMS work with
other DBMS's
* a DSN (data source name) format for specifying database servers
* prepare/execute (bind) emulation for databases that don't support it natively
* a result object for each query response
* portable error codes
* sequence emulation
* sequential and non-sequential row fetching as well as bulk fetching
* formats fetched rows as associative arrays, ordered arrays or objects
* row limit support
* transactions support
* table information interface
* DocBook and phpDocumentor API documentation

DB layers itself on top of PHP's existing database extensions.

--------------------------------------------------------------------------------
Update Information:

1.7.11 : fbsql:
* Fixed commit and rollback to specify the handle to be used.

1.7.10 : mysqli:
* Added a type map for BIT fields.

1.7.9 : sybase:
* Added divide by zero error mapping.
* Added a specific quoteFloat() implementation along the same lines as fbsql.
* Updated tableInfo() to cope with old versions of ASE that don't have
sp_helpindex.

1.7.8 : DB:
* Added code to DB_result::numRows() to return correct results when limit
emulation is being used.
* Added DB::getDSNString() to allow pretty-printing of both string and array
DSNs, thereby improving the output of DB::connect() on error.
* Added DB_common::nextQueryIsManip() to explicitly hint that the next query is
a manipulation query and therefore ignore DB::isManip()
* Changed all freeResult() methods to check that the parameter is a resource
before calling the native function to free the result.
* Fixed DB_result::fetch*() to only increment their internal row_counters when
a row number has not been provided.
* Fixed quoting of float values to always have the decimal point as a point,
rather than a comma, irrespective of locale.
* Silenced errors on ini_set calls.
* Tweaked DB::isManip() to attempt to deal with SELECT queries that include the
word INTO in a non-keyword context.

fbsql:
* Fix DB_result::numRows() to return the correct value for limit queries.

ibase:
* Handled cases where ibase_prepare returns false.

ifx:
* Altered simpleQuery() to treat EXECUTE queries as being data-returning.

mssql:
* Altered nextId() to use IDENT_CURRENT instead of @@IDENTITY, thereby
resolving problems with concurrent nextId() calls.

mysqli:
* Added the mysterious 246 data type to the type map.
* Allowed the ssl option to be an integer

oci8:
* Added tracking of prepared queries to ensure that last_query is set properly
even when there are multiple prepared queries at a given time.
* Altered connect() to handle non-standard ports.
* Altered numRows() to properly restore last_query state.

pgsql:
* Added schema support to _pgFieldFlags.
* Updated pgsql escaping to use pg_escape_string when available.

1.7.7 : DB:
* added ability to specify port number when using unix sockets in DB::parseDSN()

odbc(access):
* Tweak quoteSmart() to allows MS Access to wrap dates in #'s.

dbase:
* Added DB_dbase::freeResult().

ifx:
* Added support for error codes as at Informix 10.

msql:
* Fix error mapping in PHP 5.2.

mssql:
* Use mssql_fetch_assoc() instead of mssql_fetch_array().
* Fix issues with delimited identifiers in mssql tableInfo().
* Added support for some of the key error codes introduced in SQL Server 2005.

mysql:
* fixed handling of fully qualified table names in tableInfo().
* Added support for new error codes in MySQL 5.

mysqli:
* worked around an issue in 'len' handling of tableInfo().
There is a bug in ext/mysqli or the mysqli docs.
* Added support for new error codes in MySQL 5.

oci8:
* Allowed old-style functions to use the database DSN field if hostspec isn't provided.

pgsql:
* When inserting to non-existant column, produce
proper error, "no such field", instead of
"no such table".
* If connection is lost, raise DB_ERROR_CONNECT_FAILED
instead of the generic DB_ERROR.
* Allow FETCH queries to return results.

sqlite:
* Fix bug sqlite:///:memory: trys to open file.
* Fix error mapping in PHP 5.2.

sybase:
* Allow connecting without specifying db name.
* Fix error mapping in PHP 5.2.

storage:
* Eliminate "Undefined index $vars" notice in store()
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 30 2007 Remi Collet <Fedora FamilleCollet com> 1.7.11-1
- update to 1.7.11
- add generated CHANGELOG
--------------------------------------------------------------------------------
References:

[ 1 ]  CVE-2006-2313
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
[ 2 ]  CVE-2006-2314
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314
--------------------------------------------------------------------------------
Updated packages:

bc507f9048bb8671426354c44c0dc74b645666f9 php-pear-DB-1.7.11-1.fc7.noarch.rpm
7d36b19d115f4154d3a7da2cfda89f0360be57ca php-pear-DB-1.7.11-1.fc7.src.rpm

This update can be installed with the 'yum' update program.  Use 'yum update
package-name' at the command line.  For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------