The branch, master has been updated
       via  93b17ee20ed413d79e41250f1cc55ae9961f3123 (commit)
      from  b5731f4ca159230c34db6ce111617ca27b1b2867 (commit)


- Log -----------------------------------------------------------------
commit 93b17ee20ed413d79e41250f1cc55ae9961f3123
Author: Marc Delisle <[email protected]>
Date:   Sun Jul 3 09:58:15 2011 -0400

    Clarify vulnerable PHP versions; new CWE ids

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-5 |    6 +++++-
 templates/security/PMASA-2011-7 |   10 ++++++++--
 2 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/templates/security/PMASA-2011-5 b/templates/security/PMASA-2011-5
index 0661593..b21c291 100644
--- a/templates/security/PMASA-2011-5
+++ b/templates/security/PMASA-2011-5
@@ -10,6 +10,10 @@ PMASA-2011-5
 2011-07-02
 </py:def>
 
+<py:def function="announcement_updated">
+2011-07-03
+</py:def>
+
 <py:def function="announcement_summary">
 Possible session manipulation in Swekey authentication.
 </py:def>
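Review bot: The new announcement_updated block records only the date 2011-07-03, and nothing in the template says what was revised, so a reader comparing it with the original 2011-07-02 announcement cannot tell what changed. Consider adding a short revision remark to the advisory text alongside the date (for this file, the added CWE id).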
@@ -43,7 +47,7 @@ This issue was found by Frans Pehrson from <a 
href="http://www.xxor.se";>Xxor AB<
 <!--! CVE ID of the report, this is automatically added to references -->
 <py:def function="announcement_cve">CVE-2011-2505</py:def>
 
-<py:def function="announcement_cwe">661</py:def>
+<py:def function="announcement_cwe">473 661</py:def>
 
 <py:def function="announcement_commits">
 7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
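Review bot: announcement_cwe now holds two ids separated by a space ("473 661") where it previously held a single value. Please confirm that the page rendering splits this field on whitespace and builds one reference per id, otherwise the advisory would show a single malformed CWE reference. A short template comment on the expected format, like the existing one above announcement_cve, would help future editors.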
diff --git a/templates/security/PMASA-2011-7 b/templates/security/PMASA-2011-7
index 6a1aeb6..294d7d7 100644
--- a/templates/security/PMASA-2011-7
+++ b/templates/security/PMASA-2011-7
@@ -10,12 +10,16 @@ PMASA-2011-7
 2011-07-02
 </py:def>
 
+<py:def function="announcement_updated">
+2011-07-03
+</py:def>
+
 <py:def function="announcement_summary">
 Regular expression quoting issue in Synchronize code.
 </py:def>
 
 <py:def function="announcement_description">
-Through a possible bug in PHP running on Windows systems a null byte can 
truncate the pattern string allowing an attacker to inject the /e modifier 
causing the preg_replace function to execute its second argument as PHP code.
+Through a possible bug in PHP, a null byte can truncate the pattern string 
allowing an attacker to inject the /e modifier causing the preg_replace 
function to execute its second argument as PHP code.
 </py:def>
 
 <py:def function="announcement_severity">
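Review bot: With the Windows qualifier removed, announcement_description still attributes the issue to "a possible bug in PHP" without saying which PHP versions show the behaviour; that detail appears only in the mitigation section changed later in this patch. Suggest naming the versions here or pointing to that section. Minor wording: a comma after "pattern string" and after "/e modifier" would make the sentence easier to parse.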
@@ -23,7 +27,9 @@ We consider this vulnerability to be serious.
 </py:def>
 
 <py:def function="announcement_mitigation">
-Only PHP running on Windows has been found to be vulnerable, Linux and OpenBSD 
are not affected.
+All PHP versions that were current at the time of the advisory (5.3.6,
+5.2.17) on all OS are vulnerable, unless the Suhosin patch has been
+installed.
 </py:def>
 
 <py:def function="announcement_affected">
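Review bot: The new announcement_mitigation text states which PHP versions are vulnerable rather than what an administrator should do, and the only actual mitigation (the Suhosin patch) sits in a trailing "unless" clause. Suggest leading with the action and moving the version list (5.3.6, 5.2.17) to the affected or description section. Also spell out "on all OS" as "on all operating systems".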


hooks/post-receive
-- 
phpMyAdmin website
