Bug#349786: phpmyadmin: Import_Blacklist Variable Overwrite Vulnerability
Package: phpmyadmin
Severity: grave
Justification: user security hole

http://www.securityfocus.com/bid/15761/info

I see several other things fixed recently, but not this one, so I thought I would pass it along. If it is already fixed and I missed it, then I am sorry for the noise.

Upstream says this is fixed in 2.7 -pl1, but it appears unstable has 2.7, so even sid may be vulnerable right now.

Take care,

-- System Information:
Debian Release: 3.1
Architecture: powerpc (ppc)
Kernel: Linux 2.6.8-powerpc
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)

Bug#349786: phpmyadmin: Import_Blacklist Variable Overwrite Vulnerability
found 349786 4:2.6.2-3sarge1
tags 349786 security sarge
severity 349786 critical
thanks

On Wednesday 25 January 2006 10:32, Stephen Gran wrote:
> http://www.securityfocus.com/bid/15761/info
>
> I see several other things fixed recently, but not this one, so I thought I would pass it along. If it is already fixed and I missed it, then I am sorry for the noise.
>
> Upstream says this is fixed in 2.7 -pl1, but it appears unstable has 2.7, so even sid may be vulnerable right now.

The testing and unstable are unaffected. The sarge's version contains this bug.

I'm going to notify the Security Team and provide the fix.

--
 .''`.    Piotr Roszatycki
: :' :    mailto:[EMAIL PROTECTED]
`. `'     mailto:[EMAIL PROTECTED]
  `-

Bug#349786: phpmyadmin: Import_Blacklist Variable Overwrite Vulnerability
On Wednesday 25 January 2006 11:39, Piotr Roszatycki wrote:

notfound 349786 4:2.6.2-3sarge1
close 349786
tags 349786 -sarge unconfirmed
thanks

Well, the bug was introduced in the 2.7.0 version and was fixed in the 2.7.0-pl1 version, so 2.6.2 does not contain this bug.

In the 2.7.0 version the method of sanitizing global variables was changed. I doubt that the method used in the 2.6.2 version is insecure, so I think the bug report should just be closed.

Thanks.

--
 .''`.    Piotr Roszatycki
: :' :    mailto:[EMAIL PROTECTED]
`. `'     mailto:[EMAIL PROTECTED]
  `-