Accepted phpmyadmin 4:2.6.2-3sarge1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 28 Oct 2005 15:32:47 -0400
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.6.2-3sarge1
Distribution: stable-security
Urgency: high
Maintainer: Piotr Roszatycki <dexter@debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Description:
phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 328501 335306 335513
Changes:
phpmyadmin (4:2.6.2-3sarge1) stable-security; urgency=high
.
  * NMU by security team to fix several vulnerabilities. Patch provided
    by Piotr Roszatycki <dexter@debian.org>
  * Security fix: Several Cross-Site Scripting vulnerabilities.
    See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2869
    Closes: #328501.
  * Security fix: (1) Local file inclusion vulnerability and (2) Cross-Site
    Scripting vulnerability.
    See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300
    See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
    Closes: #335306, #335513.
.
  * Modified 001-config.patch:
    - Append the Debian package revision to the upstream version. Marks that
      this phpMyAdmin package has additional Debian modifications so the
      bugreports won't confuse phpMyAdmin's coders.
  * New 100-bug1223319.patch:
    - Use eval for config file including to catch parse errors. The patch is
      required by further patch which fixes XSS.
  * New 101-patch1258978.patch:
    - Move common code for error pages out of common.lib.php. The patch is
      required by further patch which fixes XSS.
  * New 102-bug1240880.patch:
    - XSS on the cookie-based login panel.
  * New 102-bug1249239.patch:
    - XSS vulnerability on Create page.
  * New 102-bug1252124.patch:
    - XSS on table creation page.
  * New 102-bug1265740.patch:
    - Protect against possible XSS, move input sanitizing to special file.
  * New 102-bug1283552.patch:
    - XSS on username.
  * New 102-bug_XSS_on_header.inc.php.patch:
    - XSS on header.inc.php.
  * New 103-bug_CVE-2005-3300.patch:
    - Cross-Site Scripting vulnerability.
  * New 103-bug_CVE-2005-3301.patch:
    - Local file inclusion vulnerability.
Files:
bae6eb2d34ffb43fe84be9086aa140cd 604 web extra phpmyadmin_2.6.2-3sarge1.dsc
05e33121984824c43d94450af3edf267 2654418 web extra phpmyadmin_2.6.2.orig.tar.gz
bcf942cced4b77c6ea237032134b7285 35138 web extra phpmyadmin_2.6.2-3sarge1.diff.gz
7dddcca1746dfd9c2493fcbb82d7b882 2768208 web extra phpmyadmin_2.6.2-3sarge1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDYoUOYrVLjBFATsMRAgdOAJ4/yxwJDhIe9brrVluOkYfAsEO4EwCfSacG
Jq4yjMtm6NwhVtd++X1M0HQ=
=QQZS
-----END PGP SIGNATURE-----
Accepted:
phpmyadmin_2.6.2-3sarge1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.diff.gz
phpmyadmin_2.6.2-3sarge1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.dsc
phpmyadmin_2.6.2-3sarge1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1_all.deb