Accepted phpmyadmin 4:2.6.2-3sarge1 (source all)

To: debian-changes@lists.debian.org
Subject: Accepted phpmyadmin 4:2.6.2-3sarge1 (source all)
From: Noah Meyerhans <noahm@debian.org>
Date: Fri, 16 Dec 2005 21:37:16 -0800
Message-id: <[🔎] E1EnUku-0000vN-R4@spohr.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 28 Oct 2005 15:32:47 -0400
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.6.2-3sarge1
Distribution: stable-security
Urgency: high
Maintainer: Piotr Roszatycki <dexter@debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Description: 
 phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 328501 335306 335513
Changes: 
 phpmyadmin (4:2.6.2-3sarge1) stable-security; urgency=high
 .
   * NMU by security team to fix several vulnerabilities.  Patch provided
     by Piotr Roszatycki <dexter@debian.org>
   * Security fix: Several Cross-Site Scripting vulnerabilities.
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2869
     Closes: #328501.
   * Security fix: (1) Local file inclusion vulnerability and (2) Cross-Site
     Scripting vulnerability.
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
     Closes: #335306, #335513.
 .
   * Modified 001-config.patch:
     - Append the Debian package revision to the upstream version. Marks that
       this phpMyAdmin package has additional Debian modifications so the
       bugreports won't confuse phpMyAdmin's coders.
   * New 100-bug1223319.patch:
     - Use eval for config file including to catch parse errors. The patch is
       required by further patch which fixes XSS.
   * New 101-patch1258978.patch:
     - Move common code for error pages out of common.lib.php. The patch is
       required by further patch which fixes XSS.
   * New 102-bug1240880.patch:
     - XSS on the cookie-based login panel.
   * New 102-bug1249239.patch:
     - XSS vulnerability on Create page.
   * New 102-bug1252124.patch:
     - XSS on table creation page.
   * New 102-bug1265740.patch:
     - Protect against possible XSS, move input sanitizing to special file.
   * New 102-bug1283552.patch:
     - XSS on username.
   * New 102-bug_XSS_on_header.inc.php.patch:
     - XSS on header.inc.php.
   * New 103-bug_CVE-2005-3300.patch:
     - Cross-Site Scripting vulnerability.
   * New 103-bug_CVE-2005-3301.patch:
     - Local file inclusion vulnerability.
Files: 
 bae6eb2d34ffb43fe84be9086aa140cd 604 web extra phpmyadmin_2.6.2-3sarge1.dsc
 05e33121984824c43d94450af3edf267 2654418 web extra phpmyadmin_2.6.2.orig.tar.gz
 bcf942cced4b77c6ea237032134b7285 35138 web extra phpmyadmin_2.6.2-3sarge1.diff.gz
 7dddcca1746dfd9c2493fcbb82d7b882 2768208 web extra phpmyadmin_2.6.2-3sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDYoUOYrVLjBFATsMRAgdOAJ4/yxwJDhIe9brrVluOkYfAsEO4EwCfSacG
Jq4yjMtm6NwhVtd++X1M0HQ=
=QQZS
-----END PGP SIGNATURE-----


Accepted:
phpmyadmin_2.6.2-3sarge1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.diff.gz
phpmyadmin_2.6.2-3sarge1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.dsc
phpmyadmin_2.6.2-3sarge1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1_all.deb

Reply to:

Prev by Date: Accepted php4 4:4.3.10-16 (source i386 all)
Next by Date: Accepted osh 1.7-13sarge1 (source i386)
Previous by thread: Accepted php4 4:4.3.10-16 (source i386 all)
Next by thread: Accepted pstotext 1.9-1sarge1 (source i386)
Index(es):
- Date
- Thread