On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports
> that sarge's phpmyadmin package has a security flaw which occurs only if
> the "register_globals = on" setting is used.
>
> This feature is disabled in the Debian package by default so I doubt if this
> is a serious problem. I'd like to ask if I should prepare the new package for
> sarge or not?
>
According to the advisory, all versions < 2.6.4-pl4 are affected
(2.7.0-beta1 from the development schema). This would mean that this
affects sid and etch too.

Has a bug been filed/a CVE number assigned for this?

Cheers,
Neil
-- 
   __
 .`  `.   [EMAIL PROTECTED] | Application Manager
 : :' !   ----------------  | Secure-Testing Team member
 '. `-    gpg: B345BDD3     | Webapps Team member
   `-     Please don't cc, I'm subscribed to the list

