FSA/F7/FEDORA-2007-0249

[SECURITY] Fedora 7 Update: php-pear-DB-1.7.11-1.fc7
Fedora Update Notification FEDORA-2007-0249 2007-06-06 09:42:51.850807

Name        : php-pear-DB
Product     : Fedora 7
Version     : 1.7.11
Release     : 1.fc7
Summary     : PEAR: Database Abstraction Layer
Description :
DB is a database abstraction layer providing:
 * an OO-style query API
 * portability features that make programs written for one DBMS work with other DBMS's
 * a DSN (data source name) format for specifying database servers
 * prepare/execute (bind) emulation for databases that don't support it natively
 * a result object for each query response
 * portable error codes
 * sequence emulation
 * sequential and non-sequential row fetching as well as bulk fetching
 * formats fetched rows as associative arrays, ordered arrays or objects
 * row limit support
 * transactions support
 * table information interface
 * DocBook and phpDocumentor API documentation

DB layers itself on top of PHP's existing database extensions.

Update Information:

1.7.11 : fbsql:
 * Fixed commit and rollback to specify the handle to be used.

1.7.10 : mysqli:
 * Added a type map for BIT fields.

1.7.9 : sybase:
 * Added divide by zero error mapping.
 * Added a specific quoteFloat implementation along the same lines as fbsql.
 * Updated tableInfo to cope with old versions of ASE that don't have sp_helpindex.

1.7.8 : DB:
 * Added code to DB_result::numRows to return correct results when limit emulation is being used.
 * Added DB::getDSNString to allow pretty-printing of both string and array DSNs, thereby improving the output of DB::connect on error.
 * Added DB_common::nextQueryIsManip to explicitly hint that the next query is a manipulation query and therefore ignore DB::isManip.
 * Changed all freeResult methods to check that the parameter is a resource before calling the native function to free the result.
 * Fixed DB_result::fetch* to only increment their internal row_counters when a row number has not been provided.
 * Fixed quoting of float values to always have the decimal point as a point, rather than a comma, irrespective of locale.
 * Silenced errors on ini_set calls.
 * Tweaked DB::isManip to attempt to deal with SELECT queries that include the word INTO in a non-keyword context.

fbsql:
 * Fix DB_result::numRows to return the correct value for limit queries.

ibase:
 * Handled cases where ibase_prepare returns false.

ifx:
 * Altered simpleQuery to treat EXECUTE queries as being data-returning.

mssql:
 * Altered nextId to use IDENT_CURRENT instead of @@IDENTITY, thereby resolving problems with concurrent nextId calls.

mysqli:
 * Added the mysterious 246 data type to the type map.
 * Allowed the ssl option to be an integer

oci8:
 * Added tracking of prepared queries to ensure that last_query is set properly even when there are multiple prepared queries at a given time.
 * Altered connect to handle non-standard ports.
 * Altered numRows to properly restore last_query state.

pgsql:
 * Added schema support to _pgFieldFlags.
 * Updated pgsql escaping to use pg_escape_string when available.

1.7.7 : DB:
 * added ability to specify port number when using unix sockets in DB::parseDSN

odbc(access):
 * Tweak quoteSmart to allow MS Access to wrap dates in #'s.

dbase:
 * Added DB_dbase::freeResult.

ifx:
 * Added support for error codes as at Informix 10.

msql:
 * Fix error mapping in PHP 5.2.

mssql:
 * Use mssql_fetch_assoc instead of mssql_fetch_array.
 * Fix issues with delimited identifiers in mssql tableInfo.
 * Added support for some of the key error codes introduced in SQL Server 2005.

mysql:
 * fixed handling of fully qualified table names in tableInfo.
 * Added support for new error codes in MySQL 5.

mysqli:
 * worked around an issue in 'len' handling of tableInfo. There is a bug in ext/mysqli or the mysqli docs.
 * Added support for new error codes in MySQL 5.

oci8:
 * Allowed old-style functions to use the database DSN field if hostspec isn't provided.

pgsql:
 * When inserting to non-existent column, produce proper error, "no such field", instead of "no such table".
 * If connection is lost, raise DB_ERROR_CONNECT_FAILED instead of the generic DB_ERROR.
 * Allow FETCH queries to return results.

sqlite:
 * Fix bug: sqlite:///:memory: tries to open file.
 * Fix error mapping in PHP 5.2.

sybase:
 * Allow connecting without specifying db name.
 * Fix error mapping in PHP 5.2.

storage:
 * Eliminate "Undefined index $vars" notice in store

ChangeLog:

* Mon Apr 30 2007 Remi Collet 1.7.11-1
- update to 1.7.11
- add generated CHANGELOG

References:

[ 1 ] CVE-2006-2313 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
[ 2 ] CVE-2006-2314 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314

Updated packages:

bc507f9048bb8671426354c44c0dc74b645666f9 php-pear-DB-1.7.11-1.fc7.noarch.rpm
7d36b19d115f4154d3a7da2cfda89f0360be57ca php-pear-DB-1.7.11-1.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at http://docs.fedoraproject.org/yum/.