Your message dated Wed, 16 Nov 2005 14:47:15 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#339437: fixed in phpmyadmin 4:2.6.4-pl4-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 16 Nov 2005 10:23:12 +0000
>From [EMAIL PROTECTED] Wed Nov 16 02:23:12 2005
Return-path: <[EMAIL PROTECTED]>
Received: from r5ap74.chello.upc.cz ([86.49.49.74] helo=cihar.com)
by spohr.debian.org with esmtp (Exim 4.50)
id 1EcKRc-0008Od-Ca
for [EMAIL PROTECTED]; Wed, 16 Nov 2005 02:23:12 -0800
Received: from michal by cihar.com with local (Exim 4.54)
id 1EcKRm-0002ZC-0G; Wed, 16 Nov 2005 11:23:22 +0100
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"
From: =?utf-8?b?TWljaGFsIMSMaWhhxZk=?= <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: HTTP Response Splitting vulnerability
X-Mailer: reportbug 3.17
Date: Wed, 16 Nov 2005 11:23:21 +0100
X-Debbugs-Cc: Debian Security Team <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-11.0 required=4.0 tests=BAYES_00,HAS_PACKAGE,
X_DEBBUGS_CC autolearn=ham version=2.60-bugs.debian.org_2005_01_02
Package: phpmyadmin
Version: 4:2.6.4-pl3-1
Severity: grave
Tags: security
Hi
I'm not sure if you're aware of new security issue found in phpMyAdmin:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
I know it's too young to be already in archives, however I just want to
notify you.
--
Michal ÄihaÅ | http://cihar.com
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.14-raptor
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages phpmyadmin depends on:
ii apache2-mpm-prefork [httpd] 2.0.55-3 traditional model for Apache2
ii debconf [debconf-2.0] 1.4.59 Debian configuration management sy
ii php5-cgi 5.0.5-3 server-side, HTML-embedded scripti
ii php5-mysql 5.0.5-3 MySQL module for php5
ii ucf 2.003 Update Configuration File: preserv
Versions of packages phpmyadmin recommends:
pn php4-mcrypt | php5-mcrypt <none> (no description available)
-- debconf information:
* phpmyadmin/reconfigure-webserver: apache2
* phpmyadmin/restart-webserver: true
---------------------------------------
Received: (at 339437-close) by bugs.debian.org; 16 Nov 2005 22:51:37 +0000
>From [EMAIL PROTECTED] Wed Nov 16 14:51:37 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EcW3f-00037r-7X; Wed, 16 Nov 2005 14:47:15 -0800
From: Piotr Roszatycki <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#339437: fixed in phpmyadmin 4:2.6.4-pl4-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 16 Nov 2005 14:47:15 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: phpmyadmin
Source-Version: 4:2.6.4-pl4-1
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:
phpmyadmin_2.6.4-pl4-1.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1.diff.gz
phpmyadmin_2.6.4-pl4-1.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1.dsc
phpmyadmin_2.6.4-pl4-1_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4-1_all.deb
phpmyadmin_2.6.4-pl4.orig.tar.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl4.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Piotr Roszatycki <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Nov 2005 13:10:14 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.6.4-pl4-1
Distribution: unstable
Urgency: high
Maintainer: Piotr Roszatycki <[EMAIL PROTECTED]>
Changed-By: Piotr Roszatycki <[EMAIL PROTECTED]>
Description:
phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 324318 339437
Changes:
phpmyadmin (4:2.6.4-pl4-1) unstable; urgency=high
.
* New upstream release.
* Security fix: HTTP Response Splitting vulnerability.
See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3621
Closes: #339437.
* New 105-bug_debian_324318.patch:
- Always set the default configuration values, even if the config.inc.php
file seems to be up to date. This fix allows to utilise more than three
databases. Closes: #324318.
Files:
2a07cfd00911c40363b72355cd869b89 646 web extra phpmyadmin_2.6.4-pl4-1.dsc
4dcc7722547d8164078a76156a193905 2777887 web extra
phpmyadmin_2.6.4-pl4.orig.tar.gz
f07a34fc93b97f07d05014d20d7045db 31816 web extra phpmyadmin_2.6.4-pl4-1.diff.gz
349d14bc99a2d5244420539aad400955 2900418 web extra
phpmyadmin_2.6.4-pl4-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDe6iyhMHHe8CxClsRAtkiAKCyIZ3AAdIeqomGzUdKGxTJElPA6ACfaVn9
58LgJA0IU1SFelRIjdExPQI=
=Sc5a
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
