Your message dated Wed, 17 Oct 2007 21:17:03 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446451: fixed in phpmyadmin 4:2.11.1.2-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole


Hi

The following CVE[0] has been issued against phpmyadmin.
You can find a patch below.

CVE-2007-5386:

Cross-site scripting (XSS) vulnerability in scripts/setup.php
in phpMyAdmin 2.11.1, when accessed by a browser that does 
not URL-encode requests, allows remote attackers to inject 
arbitrary web script or HTML via the query string. NOTE: some 
of these details are obtained from third party information.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5386


diff -u phpmyadmin-2.11.1/debian/changelog phpmyadmin-2.11.1/debian/changelog
--- phpmyadmin-2.11.1/debian/changelog
+++ phpmyadmin-2.11.1/debian/changelog
@@ -1,3 +1,11 @@
+phpmyadmin (4:2.11.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing-security team
+  * Include upstream patch for XSS vulnerability in scripts/setup.php
+    Fixes: CVE-2007-5386
+
+ -- Steffen Joeris <[EMAIL PROTECTED]>  Sat, 13 Oct 2007 05:12:44 +0000
+
 phpmyadmin (4:2.11.1-1) unstable; urgency=low

   * New upstream release.
diff -u phpmyadmin-2.11.1/debian/patches/00list 
phpmyadmin-2.11.1/debian/patches/00list
--- phpmyadmin-2.11.1/debian/patches/00list
+++ phpmyadmin-2.11.1/debian/patches/00list
@@ -3,0 +4 @@
+041-CVE-2007-5386
only in patch2:
unchanged:
--- phpmyadmin-2.11.1.orig/debian/patches/041-CVE-2007-5386.dpatch
+++ phpmyadmin-2.11.1/debian/patches/041-CVE-2007-5386.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CVE-2007-5386
+
[EMAIL PROTECTED]@
+
+--- ../old/phpmyadmin-2.11.1/scripts/setup.php 2007-09-20 16:35:14.000000000 
+0000
++++ phpmyadmin-2.11.1/scripts/setup.php        2007-10-13 05:10:49.000000000 
+0000
+@@ -1951,7 +1951,10 @@
+             if (empty($_SERVER['REQUEST_URI']) || 
empty($_SERVER['HTTP_HOST'])) {
+                 $redir = '';
+             } else {
+-                $redir = ' If your server is also configured to accept HTTPS 
request follow <a href="https://' . $_SERVER['HTTP_HOST'] . 
$_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
++                $redir = ' If your server is also configured to accept HTTPS 
request'
++              . ' follow <a href="https://'
++              . htmlspecialchars($_SERVER['HTTP_HOST'] . 
$_SERVER['REQUEST_URI'])
++              . '">this link</a> to use secure connection.';
+             }
+             message('warning', 'You are not using secure connection, all data 
(including sensitive, like passwords) are transfered unencrypted!' . $redir, 
'Not secure connection');
+         }
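Review bot: the htmlspecialchars() wrap around `$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']` is the right, context-appropriate fix for this hunk: both values are client-controlled and land inside a double-quoted href attribute, and the default flags encode `&`, `<`, `>` and `"`, so the attribute can no longer be closed early. Consider passing ENT_QUOTES explicitly so single quotes are encoded as well, which makes the call robust if the attribute quoting is ever changed. Separately, the marker line that appears here as `[EMAIL PROTECTED]@` must read `@DPATCH@` in the committed dpatch file, since dpatch-run uses that line to locate the embedded diff; the copy as quoted in this mail would not apply.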



--- End Message ---
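As an added illustration of the issue described in CVE-2007-5386 above and of the fix the attached dpatch applies, the following PHP contrasts an unescaped link builder with an escaped one on a constructed request. This is example code, not phpMyAdmin's scripts/setup.php or Debian's patch; the function names, the `$server` array and the sample host and query string are all made up for the demonstration, and the explicit ENT_QUOTES flag is a stricter choice than the plain htmlspecialchars() call in the patch.

```php
<?php
// Added example (not phpMyAdmin code): the HTTPS hint link from
// scripts/setup.php, built once without escaping and once with it.

// Unescaped form: HTTP_HOST and REQUEST_URI come from the client and are
// pasted straight into a double-quoted href attribute.
function httpsLinkUnsafe(array $server): string
{
    if (empty($server['REQUEST_URI']) || empty($server['HTTP_HOST'])) {
        return '';
    }
    return ' If your server is also configured to accept HTTPS request'
        . ' follow <a href="https://'
        . $server['HTTP_HOST'] . $server['REQUEST_URI']
        . '">this link</a> to use secure connection.';
}

// Escaped form: encode the concatenation before it enters the attribute.
// ENT_QUOTES (my choice, stricter than the patch's default flags) also
// encodes single quotes, so the result is safe in either quoting style.
function httpsLinkSafe(array $server): string
{
    if (empty($server['REQUEST_URI']) || empty($server['HTTP_HOST'])) {
        return '';
    }
    $target = htmlspecialchars(
        $server['HTTP_HOST'] . $server['REQUEST_URI'],
        ENT_QUOTES,
        'UTF-8'
    );
    return ' If your server is also configured to accept HTTPS request'
        . ' follow <a href="https://' . $target
        . '">this link</a> to use secure connection.';
}

// Constructed request, standing in for $_SERVER: a client that does not
// URL-encode its query string, so raw quote and angle-bracket characters
// reach PHP unchanged (the condition the CVE text describes).
$server = [
    'HTTP_HOST'   => 'db.example.test',
    'REQUEST_URI' => '/scripts/setup.php?lang="><b>injected</b><a href="',
];

// First line: the attribute is closed by the raw quote and the injected
// markup is rendered.  Second line: the same input arrives as &quot;,
// &lt; and &gt; and stays inert text inside the href.
echo httpsLinkUnsafe($server), "\n";
echo httpsLinkSafe($server), "\n";
```

Running this with `php example.php` shows the two outputs side by side. The escaping is applied at the point of output into HTML rather than at input time, which is the general rule the patch follows: the same REQUEST_URI may be legitimately needed elsewhere in raw form, and only the HTML context needs the encoding.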
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:2.11.1.2-1

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.11.1.2-1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.11.1.2-1.diff.gz
phpmyadmin_2.11.1.2-1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.11.1.2-1.dsc
phpmyadmin_2.11.1.2-1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.11.1.2-1_all.deb
phpmyadmin_2.11.1.2.orig.tar.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.11.1.2.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 17 Oct 2007 22:54:41 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.11.1.2-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Closes: 446451
Changes: 
 phpmyadmin (4:2.11.1.2-1) unstable; urgency=high
 .
   * New upstream release.
   * Addresses two cross site scripting issues:
     PMASA-2007-5, PMASA-2007-6
     (CVE-2007-5386, closes: #446451)
Files: 
 85ff8bf04def7bf82c0eac6d1e4b5514 1113 web extra phpmyadmin_2.11.1.2-1.dsc
 f7e79d86aa0a8c013d7dd6feb034808e 2855597 web extra 
phpmyadmin_2.11.1.2.orig.tar.gz
 9a816c698e9f16ece572c5c99868c1ff 31622 web extra phpmyadmin_2.11.1.2-1.diff.gz
 e2a2cb9133c373e1ce87efdad624e225 2856572 web extra 
phpmyadmin_2.11.1.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRxZ372z0hbPcukPfAQK8FAf/WzxDac8CsIPgLe5iGmVuDj3wBeo1b3zc
pM7kz8lFbmz6IidCac+6trMtwA7DyYLh0YI1YjiZXN3LR1c0f4lEFvJDkSuk7kpu
w5NFtY3sueM1svjgN/zvopdx9VHd95ZarG6jFMHiHYkxMYxQMFt52EBatderNkcZ
LVgEVVJ7A8lToieIWQ6V+qtXJu4HmGkbnMi71fJWkYmUGDD6eF3bAk23H4mllc4b
Z7P1kLDAaS2BEpjXneSMe8AdJFfo6kZcZYHMLWyw5/rzgt3MADxQqsvdeWXolJZM
3iMeVOzRKb6fweNH2FID6CmpAbJ9/FgPqx8IEuxxofEO0Fi4DIWKgw==
=eXug
-----END PGP SIGNATURE-----



--- End Message ---
