Hosting Provided By

Accepted phpmyadmin 4:2.9.1.1-4 (source all)

From: Thijs Kinkhorst <thijs(at)debian.org>
Date: Tue Sep 11 2007 - 15:56:16 EDT

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Aug 2007 22:31:30 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-4
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description:
phpmyadmin - Administrate MySQL over the WWW Changes:
phpmyadmin (4:2.9.1.1-4) stable-security; urgency=high .

Update for etch to address security issues.
Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or (2) table parameter value followed by an uppercase </SCRIPT> end tag, which bypasses the protection against lowercase </script>. [CVE-2007-1395]
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function. [CVE-2007-2245]
Add fix/workaround for deep array recursion, which may cause PHP to crash the webserver. [CVE-2007-1325] Files: 26baccf88fa7d3b00f4802e46d8d0053 1011 web extra phpmyadmin_2.9.1.1-4.dsc f598509b308bf96aee836eb2338f523c 3500563 web extra phpmyadmin_2.9.1.1.orig.tar.gz 0f377a70b327c65f53ff6895856d18d6 46886 web extra phpmyadmin_2.9.1.1-4.diff.gz 05f19efce1cb5b31a8f1161a01dbe158 3605594 web extra phpmyadmin_2.9.1.1-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRuGC/Gz0hbPcukPfAQI3pAf+J3SuPU0wVigy4GH7p2vgJ4JkkfAV6xah uj9DcIa/opONjs97oaczyAOc0ToPvhK7zWXykZBLuKXYmnvIJZGN8BpQqpX7JaTB YaXBdggTYeMDZzGuEoIVmWABeNSsgbKvk4Haq/7P6dtSmJOpzqZpQm58mgP4YtUu /CXH0dxrPyqa38c0JMdRxro35EJgOwm8MCv5L8ea3RkBGa1OAkbNsibj3dUxKF/2 oJH22jMBw12ZnN6oGok5kZJ+RP9nM37jW73DBhnLYuCFcXC7Aa/zyvM4E0DiYD2d PXIvseNlWCCTB10u0ljM8aqRahsm7cHeXkDVFr+VpFce1UGsDmS5QA== =0Vxb
-----END PGP SIGNATURE----- Accepted:
phpmyadmin_2.9.1.1-4.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz phpmyadmin_2.9.1.1-4.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc phpmyadmin_2.9.1.1-4_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb

-- 
To UNSUBSCRIBE, email to debian-changes-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Tue Sep 11 16:01:10 2007

This message: [ Message body ]
Next message: Thijs Kinkhorst: "Accepted phpmyadmin 4:2.6.2-3sarge5 (source all)"
Previous message: Julien Cristau: "Accepted xorg-server 2:1.1.1-21etch1 (source i386)"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:58:46 EDT