Your message dated Wed, 25 Mar 2020 21:36:58 +0000
with message-id <[email protected]>
and subject line Bug#954666: fixed in phpmyadmin 4:4.9.5+dfsg1-1
has caused the Debian Bug report #954666,
regarding phpmyadmin: CVE-2020-10803
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
954666: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954666
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: phpmyadmin
Version: 4:4.9.4+dfsg1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for phpmyadmin.

CVE-2020-10803[0]:
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection
| vulnerability was discovered where malicious code could be used to
| trigger an XSS attack through retrieving and displaying results (in
| tbl_get_field.php and libraries/classes/Display/Results.php). The
| attacker must be able to insert crafted data into certain database
| tables, which when retrieved (for instance, through the Browse tab)
| can trigger the XSS attack.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-10803
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803
[1] https://www.phpmyadmin.net/security/PMASA-2020-4/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:4.9.5+dfsg1-1
Done: William Desportes <[email protected]>

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
William Desportes <[email protected]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Mar 2020 18:07:16 -0300
Source: phpmyadmin
Architecture: source
Version: 4:4.9.5+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <[email protected]>
Changed-By: William Desportes <[email protected]>
Closes: 952308 954665 954666 954667 954766
Changes:
 phpmyadmin (4:4.9.5+dfsg1-1) unstable; urgency=medium
 .
   * Set upstream metadata fields: Changelog, Documentation, FAQ, Donation, Security-Contact.
   * Bump Standards-Version to 4.5.0
   * New upstream version 4.9.5 (Closes: #952308)
   * Fixes: CVE-2020-10802, PMASA-2020-3, Closes: #954665
   * Fixes: CVE-2020-10803, PMASA-2020-4, Closes: #954666
   * Fixes: CVE-2020-10804, PMASA-2020-2, Closes: #954667
   * Force to have phpMyAdmin sql-parser >= 4.5.0
   * Force to have php-twig >= 2.9 (Closes: #954766)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
