This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1.1
---------------
phpmyadmin (4:2.11.3-1ubuntu1.1) hardy-security; urgency=low
* SECURITY UPDATE: sensitive data in session files, reading of arbitrary
files by users with the CREATE privilege. (LP: #227283)
- debian/patches/051_CVE-2008-1567.dpatch: Add. Don't save sensitive
information in session files. Patch from upstream SVN.
- debian/patches/052_CVE-2008-1924.dpatch: Add. Confirm that the upload
directory is set. Patch from upstream SVN.
- References:
+ CVE-2008-1567
+ CVE-2008-1924
+ PMASA-2008-2
+ PMASA-2008-3
-- William Grant <[EMAIL PROTECTED]> Fri, 30 May 2008 18:43:32 +1000
** Changed in: phpmyadmin (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising
https://bugs.launchpad.net/bugs/227283
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
