Accepted phpmyadmin 4:2.9.1.1-4 (source all)

To: debian-changes@lists.debian.org
Subject: Accepted phpmyadmin 4:2.9.1.1-4 (source all)
From: Thijs Kinkhorst <thijs@debian.org>
Date: Tue, 11 Sep 2007 19:56:16 +0000
Message-id: <[🔎] E1IVBqK-000267-Ns@ries.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Aug 2007 22:31:30 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-4
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Changes: 
 phpmyadmin (4:2.9.1.1-4) stable-security; urgency=high
 .
   * Update for etch to address security issues.
   * Incomplete blacklist vulnerability in index.php in
     phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct
     cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or
     HTML in a (1) db or (2) table parameter value followed by an uppercase
     </SCRIPT> end tag, which bypasses the protection against lowercase
     </script>. [CVE-2007-1395]
   * Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
     2.10.1.0 allow remote attackers to inject arbitrary web script or HTML
     via (1) the fieldkey parameter to browse_foreigners.php or (2) certain
     input to the PMA_sanitize function. [CVE-2007-2245]
   * Add fix/workaround for deep array recursion, which may cause PHP to
     crash the webserver. [CVE-2007-1325]
Files: 
 26baccf88fa7d3b00f4802e46d8d0053 1011 web extra phpmyadmin_2.9.1.1-4.dsc
 f598509b308bf96aee836eb2338f523c 3500563 web extra phpmyadmin_2.9.1.1.orig.tar.gz
 0f377a70b327c65f53ff6895856d18d6 46886 web extra phpmyadmin_2.9.1.1-4.diff.gz
 05f19efce1cb5b31a8f1161a01dbe158 3605594 web extra phpmyadmin_2.9.1.1-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRuGC/Gz0hbPcukPfAQI3pAf+J3SuPU0wVigy4GH7p2vgJ4JkkfAV6xah
uj9DcIa/opONjs97oaczyAOc0ToPvhK7zWXykZBLuKXYmnvIJZGN8BpQqpX7JaTB
YaXBdggTYeMDZzGuEoIVmWABeNSsgbKvk4Haq/7P6dtSmJOpzqZpQm58mgP4YtUu
/CXH0dxrPyqa38c0JMdRxro35EJgOwm8MCv5L8ea3RkBGa1OAkbNsibj3dUxKF/2
oJH22jMBw12ZnN6oGok5kZJ+RP9nM37jW73DBhnLYuCFcXC7Aa/zyvM4E0DiYD2d
PXIvseNlWCCTB10u0ljM8aqRahsm7cHeXkDVFr+VpFce1UGsDmS5QA==
=0Vxb
-----END PGP SIGNATURE-----


Accepted:
phpmyadmin_2.9.1.1-4.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
phpmyadmin_2.9.1.1-4.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
phpmyadmin_2.9.1.1-4_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb

Reply to:

Prev by Date: Accepted xorg-server 2:1.1.1-21etch1 (source i386)
Next by Date: Accepted phpmyadmin 4:2.6.2-3sarge5 (source all)
Previous by thread: Accepted xorg-server 2:1.1.1-21etch1 (source i386)
Next by thread: Accepted phpmyadmin 4:2.6.2-3sarge5 (source all)
Index(es):
- Date
- Thread