[pkg-php-pear] Bug#980899: php-illuminate-database: CVE-2021-21263 Query Binding Exploitation

David Prévot taffit at debian.org
Sat Jan 23 22:49:24 GMT 2021


Package: php-illuminate-database
Version: 5.7.27-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: Robin Gustafsson <robin at rgson.se>, Debian Security Team <team at security.debian.org>

Hi,

A quick look at the php-illuminate-database code, as shipped in stable,
makes me think that it is probably vulnerable to CVE-2021-21263 as fixed
in 6.20.11 (and its follow up in 6.20.14 since the initial fix was
incomplete) already fixed in Debian testing via php-laravel-framework
source.

Regards

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20210123/4ea8716f/attachment.sig>


More information about the pkg-php-pear mailing list