phpmyadmin (4:3.1.2-1ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via directory traversal in
    bs_disp_as_mime_type.php
    - debian/patches/041-security-CVE-2009-1148.dpatch: check parameters
      before using in bs_disp_as_mime_type.php.
    - CVE-2009-1148
  * SECURITY UPDATE: arbitrary HTTP headers injection via CRLF injection in
    bs_disp_as_mime_type.php
    - Fixed in the CVE-2009-1148 patch
    - CVE-2009-1149
  * SECURITY UPDATE: code injection via multiple cross-site scripting
    vulnerabilities in display_export.lib.php
    - debian/patches/042-security-CVE-2009-1150.dpatch: strip special chars
      in libraries/display_export.lib.php.
    - CVE-2009-1150
  * SECURITY UPDATE: code injection via configuration files
    - debian/patches/043-security-CVE-2009-1285.dpatch: clean up key names
      in setup/lib/ConfigFile.class.php.
    - CVE-2009-1285
  * SECURITY UPDATE: code injection via cross-site scripting from crafted
    SQL bookmark
    - debian/patches/044-security-CVE-2009-2284.dpatch: strip special
      characters in libraries/common.lib.php and sql.php.
    - CVE-2009-2284

 -- Marc Deslauriers <[email protected]>  Sun, 05 Jul 2009 09:50:12 -0400

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1148

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1149

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1285

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2284

** Changed in: phpmyadmin (Ubuntu Jaunty)
   Status: Fix Committed => Fix Released

--
phpMyAdmin: CVE-2009-1151: Arbitrary code execution
https://bugs.launchpad.net/bugs/387215
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs