The branch, master has been updated
       via  cbcceee4553b04209c53e6f0470f7c653fa4496e (commit)
       via  d02c2862658b606340faa7c663d7aa6260a9e959 (commit)
      from  c9b42a3a8dd42964d47c075822ca0d4023aace30 (commit)


- Log -----------------------------------------------------------------
commit cbcceee4553b04209c53e6f0470f7c653fa4496e
Merge: d02c2862658b606340faa7c663d7aa6260a9e959 c9b42a3a8dd42964d47c075822ca0d4023aace30
Author: Marc Delisle <[email protected]>
Date:   Tue Feb 8 10:12:51 2011 -0500

    Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/website

commit d02c2862658b606340faa7c663d7aa6260a9e959
Author: Marc Delisle <[email protected]>
Date:   Tue Feb 8 10:12:16 2011 -0500

    New SA

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-1 |   53 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-1

diff --git a/templates/security/PMASA-2011-1 b/templates/security/PMASA-2011-1
new file mode 100644
index 0000000..015ec6b
--- /dev/null
+++ b/templates/security/PMASA-2011-1
@@ -0,0 +1,53 @@
+<html xmlns:py="http://genshi.edgewall.org/"; 
xmlns:xi="http://www.w3.org/2001/XInclude"; py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-1
+</py:def>
+
+<py:def function="announcement_date">
+2011-02-08
+</py:def>
+
+<py:def function="announcement_summary">
+Path disclosure when some files have been removed
+</py:def>
+
+<py:def function="announcement_description">
+When the files README, ChangeLog or LICENSE have been removed from their
+original place (possibly by the distributor), the scripts used to display
+these files can show their full path, leading to possible further attacks.
+</py:def>
+
+<py:def function="announcement_mitigation">
+For the error messages to be displayed, php.ini's error_reporting must be set 
+to E_ALL and display_errors must be On (these settings are not recommended 
+on a production server in the PHP manual).
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+The 2.11.x and 3.3.x versions are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.9.1 or newer (2.11.11.2 or newer for the older
+family) or apply the related patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to MustLive from <a href="http://websecurity.com.ua";>Websecurity</a>
+ for reporting this issue.
+</py:def>
+
+<py:def function="announcement_cve">CVE-xxxx-xxxx</py:def>
+
+<py:def function="announcement_cwe">661 200</py:def>
+
+<py:def function="announcement_commits">
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
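
Review bot: announcement_commits is left empty while announcement_solution tells readers to "apply the related patch listed below", so the rendered advisory would point at a patch list that is not there; add the fixing commit ids for the 3.3.x and 2.11.x families before publishing, or reword the solution text. The same goes for announcement_cve, which still carries the CVE-xxxx-xxxx placeholder and should either be filled in once an id is assigned or left out of the rendered page until then. In announcement_mitigation, the text states the preconditions for the disclosure (error_reporting at E_ALL and display_errors On) rather than an action; consider saying directly that setting display_errors to Off keeps the full path from being shown.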


hooks/post-receive
-- 
phpMyAdmin website

_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git
