[SECURITY] Fedora 7 Update: php-pear-DB-1.7.11-1.fc7
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-0249
2007-06-06 09:42:51.850807
--------------------------------------------------------------------------------

Name        : php-pear-DB
Product     : Fedora 7
Version     : 1.7.11
Release     : 1.fc7
Summary     : PEAR: Database Abstraction Layer
Description :
DB is a database abstraction layer providing:
* an OO-style query API
* portability features that make programs written for one DBMS work with
  other DBMS's
* a DSN (data source name) format for specifying database servers
* prepare/execute (bind) emulation for databases that don't support it natively
* a result object for each query response
* portable error codes
* sequence emulation
* sequential and non-sequential row fetching as well as bulk fetching
* formats fetched rows as associative arrays, ordered arrays or objects
* row limit support
* transactions support
* table information interface
* DocBook and phpDocumentor API documentation

DB layers itself on top of PHP's existing database extensions.

--------------------------------------------------------------------------------
Update Information:

1.7.11 :

fbsql:
* Fixed commit and rollback to specify the handle to be used.

1.7.10 :

mysqli:
* Added a type map for BIT fields.

1.7.9 :

sybase:
* Added divide by zero error mapping.
* Added a specific quoteFloat() implementation along the same lines as fbsql.
* Updated tableInfo() to cope with old versions of ASE that don't have
  sp_helpindex.

1.7.8 :

DB:
* Added code to DB_result::numRows() to return correct results when limit
  emulation is being used.
* Added DB::getDSNString() to allow pretty-printing of both string and array
  DSNs, thereby improving the output of DB::connect() on error.
* Added DB_common::nextQueryIsManip() to explicitly hint that the next query is
  a manipulation query and therefore ignore DB::isManip()
* Changed all freeResult() methods to check that the parameter is a resource
  before calling the native function to free the result.
* Fixed DB_result::fetch*() to only increment their internal row_counters when
  a row number has not been provided.
* Fixed quoting of float values to always have the decimal point as a point,
  rather than a comma, irrespective of locale.
* Silenced errors on ini_set calls.
* Tweaked DB::isManip() to attempt to deal with SELECT queries that include the
  word INTO in a non-keyword context.

fbsql:
* Fix DB_result::numRows() to return the correct value for limit queries.

ibase:
* Handled cases where ibase_prepare returns false.

ifx:
* Altered simpleQuery() to treat EXECUTE queries as being data-returning.

mssql:
* Altered nextId() to use IDENT_CURRENT instead of @@IDENTITY, thereby
  resolving problems with concurrent nextId() calls.

mysqli:
* Added the mysterious 246 data type to the type map.
* Allowed the ssl option to be an integer.

oci8:
* Added tracking of prepared queries to ensure that last_query is set properly
  even when there are multiple prepared queries at a given time.
* Altered connect() to handle non-standard ports.
* Altered numRows() to properly restore last_query state.

pgsql:
* Added schema support to _pgFieldFlags.
* Updated pgsql escaping to use pg_escape_string when available.

1.7.7 :

DB:
* added ability to specify port number when using unix sockets in
  DB::parseDSN()

odbc(access):
* Tweak quoteSmart() to allow MS Access to wrap dates in #'s.

dbase:
* Added DB_dbase::freeResult().

ifx:
* Added support for error codes as at Informix 10.

msql:
* Fix error mapping in PHP 5.2.

mssql:
* Use mssql_fetch_assoc() instead of mssql_fetch_array().
* Fix issues with delimited identifiers in mssql tableInfo().
* Added support for some of the key error codes introduced in SQL Server 2005.

mysql:
* fixed handling of fully qualified table names in tableInfo().
* Added support for new error codes in MySQL 5.

mysqli:
* worked around an issue in 'len' handling of tableInfo(). There is a bug in
  ext/mysqli or the mysqli docs.
* Added support for new error codes in MySQL 5.

oci8:
* Allowed old-style functions to use the database DSN field if hostspec isn't
  provided.

pgsql:
* When inserting to non-existent column, produce proper error, "no such field",
  instead of "no such table".
* If connection is lost, raise DB_ERROR_CONNECT_FAILED instead of the generic
  DB_ERROR.
* Allow FETCH queries to return results.

sqlite:
* Fix bug sqlite:///:memory: tries to open file.
* Fix error mapping in PHP 5.2.

sybase:
* Allow connecting without specifying db name.
* Fix error mapping in PHP 5.2.

storage:
* Eliminate "Undefined index $vars" notice in store()

--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 30 2007 Remi Collet <Fedora FamilleCollet com> 1.7.11-1
- update to 1.7.11
- add generated CHANGELOG

--------------------------------------------------------------------------------
References:

  [ 1 ] CVE-2006-2313
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2313
  [ 2 ] CVE-2006-2314
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2314

--------------------------------------------------------------------------------
Updated packages:

bc507f9048bb8671426354c44c0dc74b645666f9 php-pear-DB-1.7.11-1.fc7.noarch.rpm
7d36b19d115f4154d3a7da2cfda89f0360be57ca php-pear-DB-1.7.11-1.fc7.src.rpm

This update can be installed with the 'yum' update program. Use 'yum update
package-name' at the command line. For more information, refer to 'Managing
Software with yum,' available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------