phpmyadmin (4:2.11.8.1-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: remote code execution via PHP sequences in sort_by
    parameter
    - debian/patches/041-security-CVE-2008-4096.dpatch: add new
      PMA_usort_comparison_callback in libraries/database_interface.lib.php
    - CVE-2008-4096
  * SECURITY UPDATE: cross-site scripting via NUL byte
    - debian/patches/042-security-CVE-2008-4326.dpatch: remove NUL bytes
      in libraries/js_escape.lib.php.
    - CVE-2008-4326
  * SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
    register_globals is enabled
    - debian/patches/043-security-CVE-2008-4775.dpatch: use
      PMA_generate_common_hidden_inputs in pmd_pdf.php.
    - CVE-2008-4775
  * SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
    - debian/patches/044-security-CVE-2008-5621.dpatch: use PMA_backquote
      instead of PMA_sqlAddslashes in libraries/db_table_exists.lib.php.
    - CVE-2008-5621
  * SECURITY UPDATE: code injection via multiple cross-site scripting
    vulnerabilities in display_export.lib.php
    - debian/patches/045-security-CVE-2009-1150.dpatch: strip special chars
      in libraries/display_export.lib.php.
    - CVE-2009-1150
  * SECURITY UPDATE: code injection from PHP code in a configuration file
    via the save action.
    - debian/patches/046-security-CVE-2009-1151.dpatch: filter $key in
      scripts/setup.php.
    - CVE-2009-1151

 -- Marc Deslauriers <[email protected]>  Sun, 05 Jul 2009 10:16:05 -0400

** Changed in: phpmyadmin (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released

--
phpMyAdmin: CVE-2009-1151: Arbitrary code execution
https://bugs.launchpad.net/bugs/387215