The branch, master has been updated
       via  5b7fa0538813d55eb5ff980a6461e1ef23f0c52d (commit)
       via  016be749df737089e59e3c8152d491d50e34c559 (commit)
       via  0d8171b33aefc983404036b39dbea74919325ddd (commit)
      from  0f8b2603b5a9b1d6765804deee11d056e549404b (commit)


- Log -----------------------------------------------------------------
commit 5b7fa0538813d55eb5ff980a6461e1ef23f0c52d
Author: Marc Delisle <[email protected]>
Date:   Wed Dec 21 15:38:00 2011 -0500

    Announcement date

commit 016be749df737089e59e3c8152d491d50e34c559
Author: Marc Delisle <[email protected]>
Date:   Mon Dec 19 12:42:44 2011 -0500

    PMASA-2011-19

commit 0d8171b33aefc983404036b39dbea74919325ddd
Author: Dieter Adriaenssens <[email protected]>
Date:   Mon Dec 19 16:59:42 2011 +0100

    PMASA-2011-20

-----------------------------------------------------------------------

Summary of changes:
 .../security/{PMASA-2011-16 => PMASA-2011-19}      |   13 ++---
 templates/security/PMASA-2011-20                   |   50 ++++++++++++++++++++
 2 files changed, 56 insertions(+), 7 deletions(-)
 copy templates/security/{PMASA-2011-16 => PMASA-2011-19} (76%)
 create mode 100644 templates/security/PMASA-2011-20

diff --git a/templates/security/PMASA-2011-16 b/templates/security/PMASA-2011-19
similarity index 76%
copy from templates/security/PMASA-2011-16
copy to templates/security/PMASA-2011-19
index ae8b644..c474d90 100644
--- a/templates/security/PMASA-2011-16
+++ b/templates/security/PMASA-2011-19
@@ -1,11 +1,11 @@
 <html xmlns:py="http://genshi.edgewall.org/"; 
xmlns:xi="http://www.w3.org/2001/XInclude"; py:strip="">
 
 <py:def function="announcement_id">
-PMASA-2011-16
+PMASA-2011-19
 </py:def>
 
 <py:def function="announcement_date">
-2011-10-17
+2011-12-21
 </py:def>
 
 <py:def function="announcement_summary">
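Review bot: Everything from announcement_summary down to "Versions 3.4.x are affected." is left untouched by this copy, so PMASA-2011-19 inherits that text verbatim from PMASA-2011-16 while only the id and date change here. Since the CVE, the credited reporter and the fix commit are all replaced in the next hunk, please confirm the inherited summary and description actually describe the new issue; if they differ at all, the wording should change so readers can tell the two advisories apart.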
@@ -33,20 +33,19 @@ Versions 3.4.x are affected.
 </py:def>
 
 <py:def function="announcement_solution">
-Upgrade to phpMyAdmin 3.4.6 or newer or apply the related patch listed below.
+Upgrade to phpMyAdmin 3.4.9 or newer or apply the related patch listed below.
 </py:def>
 
 <py:def function="announcement_references">
-Thanks to Jakub GaƂczyk (<a 
href="http://hauntit.blogspot.com";>http://hauntit.blogspot.com</a>) for 
reporting this issue.
+Thanks to Jason Leyrer of Trustwave SpiderLabs for finding this issue and to 
Robert Foggia (same company) for contacting us.
 </py:def>
 
-<py:def function="announcement_cve">CVE-2011-4064</py:def>
+<py:def function="announcement_cve">CVE-2011-4782</py:def>
 
 <py:def function="announcement_cwe">661 79</py:def>
 
 <py:def function="announcement_commits">
-ca597dc423f3eebcca95ff33b088a03e39109115
-1af420e22367ae72ff4091adb1620e59ddad5ba6
+0e707906e69ce90c4852a0fce2a0fac7db86a3cd
 </py:def>
 
 <xi:include href="_page.tpl" />
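Review bot: The affected-versions text shown in the hunk header, "Versions 3.4.x are affected.", is kept as is while announcement_solution now names 3.4.9 as the fix, and read literally 3.4.x includes 3.4.9 itself. Suggest stating the range explicitly, for example "Versions 3.4.x before 3.4.9 are affected", so the affected and solution fields agree. The singular "patch" in the solution line is consistent with the single hash left in announcement_commits.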
diff --git a/templates/security/PMASA-2011-20 b/templates/security/PMASA-2011-20
new file mode 100644
index 0000000..2f51623
--- /dev/null
+++ b/templates/security/PMASA-2011-20
@@ -0,0 +1,50 @@
+<html xmlns:py="http://genshi.edgewall.org/"; 
xmlns:xi="http://www.w3.org/2001/XInclude"; py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-20
+</py:def>
+
+<py:def function="announcement_date">
+2011-12-21
+</py:def>
+
+<py:def function="announcement_summary">
+XSS in export.
+</py:def>
+
+<py:def function="announcement_description">
+Using crafted url parameters, it was possible to produce XSS on the export 
panels in the server, database and table sections.
+</py:def>
+
+<py:def function="announcement_mitigation">
+These attacks are unlikely to succeed on a victim. Moreover, all these attacks 
require that the user be already logged in and that a valid token be part of 
the request.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider these vulnerabilities to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.4.x are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.9 or newer or apply the related patches listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to <a href="https://twitter.com/totally_unknown";>Nils Juenemann</a> for 
reporting a vulnerable url parameter.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2011-4780</py:def>
+
+<py:def function="announcement_cwe">661 79</py:def>
+
+<py:def function="announcement_commits">
+bd3735ba584e7a49aee78813845245354b061f61
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
+
+
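Review bot: announcement_solution says "apply the related patches listed below" (plural), but announcement_commits lists a single hash, bd3735ba584e7a49aee78813845245354b061f61. Either list the remaining fix commits or change the wording to "patch", as PMASA-2011-19 does. In announcement_mitigation, the first sentence ("These attacks are unlikely to succeed on a victim") gives no reason on its own; folding it into the following sentence about the required login and valid token would make the basis for that claim explicit. The two empty lines added after the closing html tag can be dropped.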


hooks/post-receive
-- 
phpMyAdmin website

_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git
