Description of problem: Seems like we didn't fix the upstream (impact=critical) bug #10024. See URL for details. We should deal with it as soon as possible. Version-Release number of selected component (if applicable): php-pear-MDB2-2.4.1-1.fc7 Additional information: The usptream fix is here: http://marc.info/?l=pear-cvs&m=117823082829114&w=2
CVE identifier was requested. At the first glance it looks like these three packages have to be updated simultaneously, am I right? If not, please close appropriate tracking bugs. php-pear-MDB2 php-pear-MDB2-Driver-mysql php-pear-MDB2-Driver-mysqli
php-pear-MDB2-Driver-mysql-1.4.1-3.fc7, php-pear-MDB2-Driver-mysqli-1.4.1-3.fc7, php-pear-MDB2-2.4.1-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
php-pear-MDB2-Driver-mysqli-1.4.1-3.fc8, php-pear-MDB2-Driver-mysql-1.4.1-3.fc8.1, php-pear-MDB2-2.4.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Since installing this RPM over my own hand-rolled (basically the same RPM, just without the security patch), all of my MDB2 stuff (all PostgreSQL btw) spews these errors: PHP Notice: Undefined property: MDB2_Statement_pgsql::$options in /usr/share/pear/MDB2/Driver/pgsql.php on line 1354 Pulling out that patch (php-pear-MDB2-Driver-pgsql-1.4.1-lob.patch) resolves the issue. Has upstream provided a newer version of that patch possibly?