Your message dated Thu, 29 Feb 2024 10:13:15 +0000
with message-id <[email protected]>
and subject line Bug#1053004: fixed in phppgadmin 7.14.7+dfsg-1
has caused the Debian Bug report #1053004,
regarding phppgadmin: CVE-2023-40619
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1053004: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1053004
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: phppgadmin
Version: 7.13.0+dfsg-2
Severity: important
Tags: security upstream
Forwarded: https://github.com/phppgadmin/phppgadmin/issues/174
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for phppgadmin.

CVE-2023-40619[0]:
| phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of
| untrusted data which may lead to remote code execution because user-
| controlled data is directly passed to the PHP 'unserialize()'
| function in multiple places. An example is the functionality to
| manage tables in 'tables.php' where the 'ma[]' POST parameter is
| deserialized.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-40619
    https://www.cve.org/CVERecord?id=CVE-2023-40619
[1] https://github.com/phppgadmin/phppgadmin/issues/174
[2] https://github.com/hestiacp/phppgadmin/pull/4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
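The CVE text above describes the pattern, not the code: request parameters (the `ma[]` POST array in tables.php) handed straight to `unserialize()`. The following is an added illustration, not phpPgAdmin's code and not the upstream fix; the `AuditHook` class, the descriptor field names (`table`, `schema`) and the two sample inputs are constructed here. It contrasts the unsafe call with a hardened variant that uses PHP's `allowed_classes` option plus a shape check, and with a JSON encoding that never builds an object graph at all.

```php
<?php
// Added example: unsafe unserialize() of request data versus two hardened
// forms. Nothing here is taken from phpPgAdmin; names and inputs are
// constructed for illustration.
declare(strict_types=1);

// Hypothetical class with a magic method. In a real application this stands
// in for whatever autoloadable class happens to have a useful __wakeup(),
// __destruct() or __toString().
final class AuditHook
{
    public string $cmd = '';

    public function __wakeup(): void
    {
        // The side effect an attacker is after: code runs during unserialize().
        echo "AuditHook::__wakeup() ran with cmd={$this->cmd}\n";
    }
}

// What the application expects in each ma[] element: a serialized array
// describing one table. Constructed sample.
$expected = serialize(['table' => 'users', 'schema' => 'public']);

// Constructed hostile element: a serialized object instead of an array.
$hostile = 'O:9:"AuditHook":1:{s:3:"cmd";s:8:"anything";}';

// 1. Unsafe: allowed_classes defaults to true, so any class is instantiated
//    and its __wakeup() runs before the caller can inspect the result.
function unsafeUnserialize(string $raw): mixed
{
    return unserialize($raw);
}

// 2. Hardened: refuse object instantiation (nested objects included) and
//    insist on the exact shape the caller needs. Anything else is rejected.
function safeUnserialize(string $raw): ?array
{
    $v = @unserialize($raw, ['allowed_classes' => false]);
    if (!is_array($v)
        || !isset($v['table'], $v['schema'])
        || !is_string($v['table'])
        || !is_string($v['schema'])) {
        return null;
    }
    return ['table' => $v['table'], 'schema' => $v['schema']];
}

// 3. Preferable when the format is under your control: carry the descriptor
//    as JSON. json_decode() with assoc=true yields only scalars and arrays,
//    so there is no class to abuse; depth 2 caps the structure.
function decodeJsonDescriptor(string $raw): ?array
{
    try {
        $v = json_decode($raw, true, 2, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    if (!is_array($v)
        || !isset($v['table'], $v['schema'])
        || !is_string($v['table'])
        || !is_string($v['schema'])) {
        return null;
    }
    return ['table' => $v['table'], 'schema' => $v['schema']];
}

// Demonstration over both constructed inputs.
foreach (['expected' => $expected, 'hostile' => $hostile] as $label => $raw) {
    $r = unsafeUnserialize($raw);
    printf("unsafe   %-8s -> %s\n", $label,
        is_object($r) ? get_class($r) : gettype($r));

    $r = safeUnserialize($raw);
    printf("hardened %-8s -> %s\n", $label, $r === null ? 'rejected' : 'ok');
}

// JSON path: a well-formed descriptor and a hostile one (object notation is
// harmless here, it just fails the shape check).
$jsonOk  = json_encode(['table' => 'users', 'schema' => 'public']);
$jsonBad = '{"__class":"AuditHook","cmd":"anything"}';
printf("json     ok       -> %s\n", decodeJsonDescriptor($jsonOk) === null ? 'rejected' : 'ok');
printf("json     hostile  -> %s\n", decodeJsonDescriptor($jsonBad) === null ? 'rejected' : 'ok');
```

Running this with the PHP CLI shows `__wakeup()` firing only in the unsafe path; with `allowed_classes => false` the hostile element becomes a `__PHP_Incomplete_Class` and fails the `is_array()` check, so it is rejected without any method of the attacker's chosen class running. The shape check matters as much as the option: `allowed_classes` stops object instantiation, but the caller still has to verify it got the array it expects before using the values in SQL or file paths.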
--- Begin Message ---
Source: phppgadmin
Source-Version: 7.14.7+dfsg-1
Done: Leandro Cunha <[email protected]>

We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Leandro Cunha <[email protected]> (supplier of updated phppgadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 28 Feb 2024 19:32:56 -0300
Source: phppgadmin
Architecture: source
Version: 7.14.7+dfsg-1
Distribution: unstable
Urgency: high
Maintainer: Debian PostgreSQL Maintainers <[email protected]>
Changed-By: Leandro Cunha <[email protected]>
Closes: 953945 1053004
Changes:
 phppgadmin (7.14.7+dfsg-1) unstable; urgency=high
 .
   * Team upload.
   * New upstream version.
   * Fix deserialization of untrusted data. (Closes: #1053004, CVE-2023-40619)
   * Fix validating where the request originated. (Closes: #953945, CVE-2019-10784)
   * d/watch: Change to get the fork source (phppgadmin-mod of ReimuHakurei).
   * d/upstream: Delete signing-key.asc, the repository changed.
   * d/copyright: Update for new upstream and update year.
   * d/control: Update homepage for new repository.
   * d/patches all applied by new upstream:
     - Drop credit-utf8.
     - Drop fix-version-postgres.patch.
     - Drop php8.
     - Drop sequence_priviledge.
     - Drop versionning-adodb5.21.
Checksums-Sha1:
 4108226e078b91fe7a904790523d90a657c0a4a6 2016 phppgadmin_7.14.7+dfsg-1.dsc
 b135e124e5f080f0998e1211fa5a8f558d27e9aa 438184 phppgadmin_7.14.7+dfsg.orig.tar.xz
 f522f5e7ba2623c47ed82180d6a52d613cc0191d 13620 phppgadmin_7.14.7+dfsg-1.debian.tar.xz
Checksums-Sha256:
 a5bcca448132ec6a2173cc3fa0a8ea81f6b671412f852bfb7550de48a598c405 2016 phppgadmin_7.14.7+dfsg-1.dsc
 26acde794a6438c5560ef70766274f86e35ba7c1d31d92af504a189c9a018e64 438184 phppgadmin_7.14.7+dfsg.orig.tar.xz
 cd1a1233634051e2f5f37afcc3cb3202262be885f52e6b40e12a43b81a57be8f 13620 phppgadmin_7.14.7+dfsg-1.debian.tar.xz
Files:
 9d259149e83ba2fd61cd6a5377e6935c 2016 web optional phppgadmin_7.14.7+dfsg-1.dsc
 2acb9a11ac14ac1ce5c68f8f2095f349 438184 web optional phppgadmin_7.14.7+dfsg.orig.tar.xz
 3e2b86d0228f1808e421adb8f8321a94 13620 web optional phppgadmin_7.14.7+dfsg-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Attachment: pgpCkfwKxC3VF.pgp
Description: PGP signature


--- End Message ---
