The branch, master has been updated
       via  0ba391899c7a615b296db5a615af5420fe39425e (commit)
      from  e82bd718d317feab97dc8e13e8a8d7d20fd9988d (commit)


- Log -----------------------------------------------------------------
commit 0ba391899c7a615b296db5a615af5420fe39425e
Author: Michal Čihař <[email protected]>
Date:   Sat Dec 11 20:44:03 2010 +0100

    Announce security issues fixed in beta1

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2010-10 |   54 ++++++++++++++++++++++++++++++++++++++
 templates/security/PMASA-2010-9  |   49 ++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2010-10
 create mode 100644 templates/security/PMASA-2010-9

diff --git a/templates/security/PMASA-2010-10 b/templates/security/PMASA-2010-10
new file mode 100644
index 0000000..bfa7c05
--- /dev/null
+++ b/templates/security/PMASA-2010-10
@@ -0,0 +1,54 @@
+<html xmlns:py="http://genshi.edgewall.org/"; 
xmlns:xi="http://www.w3.org/2001/XInclude"; py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2010-10
+</py:def>
+
+<py:def function="announcement_date">
+2010-12-07
+</py:def>
+
+<py:def function="announcement_summary">
+Possible information disclosure.
+</py:def>
+
+<py:def function="announcement_description">
+Unauthenticated user was able to display phpinfo output if phpMyAdmin was
+enabled to show it.
+</py:def>
+
+<py:def function="announcement_severity">
+The issue is considered minor, because this feature is not enabled in default
+installation.
+</py:def>
+
+<py:def function="announcement_mitigation">
+Default installation is not affected, because $cfg['ShowPhpInfo'] is false by
+default.
+</py:def>
+
+<py:def function="announcement_affected">
+All versions prior to 3.4.0-beta1.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.0-beta1 or newer or apply patch listed below.
+</py:def>
+
+<!--! Links to reporter etc, do not forget to escape & to &amp; -->
+<py:def function="announcement_references">
+This issue was reported by <a href="mailto:[email protected]";>Jörg
+Sommer</a>.
+</py:def>
+
+<!--! CVE ID of the report, this is automatically added to references -->
+<py:def function="announcement_cve">CVE-2010-4481</py:def>
+
+<py:def function="announcement_cwe">661 200</py:def>
+
+<py:def function="announcement_commits">
+4d9fd005671b05c4d74615d5939ed45e4d019e4c
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
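Review bot: The `announcement_mitigation` text only repeats that the default installation is unaffected and gives no action to an administrator who has turned the option on. Since the advisory already names the setting, the block could end with a sentence such as `Installations that enabled it can set $cfg['ShowPhpInfo'] back to false until they upgrade.` The CWE list `661 200` records the outcome (information exposure); if the template accepts further entries, a missing-authentication CWE would also capture the cause stated in the description, though that is a judgment call.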
diff --git a/templates/security/PMASA-2010-9 b/templates/security/PMASA-2010-9
new file mode 100644
index 0000000..2a40a9f
--- /dev/null
+++ b/templates/security/PMASA-2010-9
@@ -0,0 +1,49 @@
+<html xmlns:py="http://genshi.edgewall.org/"; 
xmlns:xi="http://www.w3.org/2001/XInclude"; py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2010-9
+</py:def>
+
+<py:def function="announcement_date">
+2010-12-07
+</py:def>
+
+<py:def function="announcement_summary">
+Unvalidated input on error page.
+</py:def>
+
+<py:def function="announcement_description">
+It was possible to display arbitrary text and link to external site using
+parameters passed to particular script.
+</py:def>
+
+<py:def function="announcement_severity">
+This issue is considered minor, because the only purpose of affected file is to
+display an error message.
+</py:def>
+
+<py:def function="announcement_affected">
+All versions prior to 3.4.0-beta1.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.0-beta1 or newer or apply patch listed below.
+</py:def>
+
+<!--! Links to reporter etc, do not forget to escape & to &amp; -->
+<py:def function="announcement_references">
+This issue was reported by <a
+href="http://www.exploit-db.com/exploits/15699/";>Tiger Security Team</a>.
+</py:def>
+
+<!--! CVE ID of the report, this is automatically added to references -->
+<py:def function="announcement_cve">CVE-2010-4480</py:def>
+
+<py:def function="announcement_cwe">661 20</py:def>
+
+<py:def function="announcement_commits">
+aa6fec0532a9dd48d4e35831c1b1c9785c124dd7
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
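Review bot: The `announcement_description` says only "parameters passed to particular script", so a reader cannot tell which file to patch, restrict or search for in access logs; naming the affected script and parameters there would make the advisory actionable. This file also has no `announcement_mitigation` block, while PMASA-2010-10 in the same commit defines one. If `_page.tpl` (not visible here) calls that function unconditionally, rendering could fail, so either confirm it is optional or add a short block. The severity rationale also leaves out the content-spoofing risk the description implies (arbitrary text and an external link shown on the site's own error page), which deserves a sentence.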


hooks/post-receive
-- 
phpMyAdmin website
