tags 404744 -sarge
thanks

On Sat, 2007-01-06 at 18:48 -0500, Marc Delisle wrote:
> Hi Thijs and Stefan,
> here is the change I suggest in libraries/session.inc.php, feel free to
> send me your feedback.

I've uploaded this patch, and the JavaScript one to unstable. For stable/sarge this doesn't apply, since this doesn't use sessions at all (phpMyAdmin 2.6.2). Marking as such. Thanks for your help, Marc!

The XSS via the index.php JavaScript also does not apply to sarge since that is not present there.

We previously agreed that PMASA-2006-7, PMASA-2006-8, PMASA-2006-9 do not apply to sarge or are not in need of a security release.

I think this settles all open issues for sarge and sid, and I will make sure that the fixed package reaches etch.

Summary for the security team:
- CVE-2006-6374 does not apply to sarge
- CVE-2007-0203 does not apply to sarge

Thijs