phpmyadmin (4:2.10.3-1ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via multiple vectors. (LP: #162599)
  * debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query
    strings in scripts/setup.php. Patch from Debian.
  * debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO
    inputs in a number of places. Patch from Debian.
  * debian/patches/032_CVE-2007-5976.patch: Sanitise database names before
    creating them (also covering CVE-2007-5977). Patch from upstream bug.
  * debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed
    on authentication form.
  * References
    CVE-2007-5386
    CVE-2007-5589
    CVE-2007-5976
    CVE-2007-5977
    CVE-2007-6100
    PMASA-2007-5
    PMASA-2007-6
    PMASA-2007-7
    PMASA-2007-8

 -- William Grant <[EMAIL PROTECTED]>  Wed, 28 Nov 2007 00:29:25 +1100
** Changed in: phpmyadmin (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: phpmyadmin (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
few serious security issues for phpMyAdmin
https://bugs.launchpad.net/bugs/162599