Accepted phpmyadmin 4:2.9.1.1-4 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 28 Aug 2007 22:31:30 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-4
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
phpmyadmin - Administrate MySQL over the WWW
Changes:
phpmyadmin (4:2.9.1.1-4) stable-security; urgency=high
.
* Update for etch to address security issues.
* Incomplete blacklist vulnerability in index.php in
phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct
cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or
HTML in a (1) db or (2) table parameter value followed by an uppercase
</SCRIPT> end tag, which bypasses the protection against lowercase
</script>. [CVE-2007-1395]
* Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.10.1.0 allow remote attackers to inject arbitrary web script or HTML
via (1) the fieldkey parameter to browse_foreigners.php or (2) certain
input to the PMA_sanitize function. [CVE-2007-2245]
* Add fix/workaround for deep array recursion, which may cause PHP to
crash the webserver. [CVE-2007-1325]
Files:
26baccf88fa7d3b00f4802e46d8d0053 1011 web extra phpmyadmin_2.9.1.1-4.dsc
f598509b308bf96aee836eb2338f523c 3500563 web extra phpmyadmin_2.9.1.1.orig.tar.gz
0f377a70b327c65f53ff6895856d18d6 46886 web extra phpmyadmin_2.9.1.1-4.diff.gz
05f19efce1cb5b31a8f1161a01dbe158 3605594 web extra phpmyadmin_2.9.1.1-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iQEVAwUBRuGC/Gz0hbPcukPfAQI3pAf+J3SuPU0wVigy4GH7p2vgJ4JkkfAV6xah
uj9DcIa/opONjs97oaczyAOc0ToPvhK7zWXykZBLuKXYmnvIJZGN8BpQqpX7JaTB
YaXBdggTYeMDZzGuEoIVmWABeNSsgbKvk4Haq/7P6dtSmJOpzqZpQm58mgP4YtUu
/CXH0dxrPyqa38c0JMdRxro35EJgOwm8MCv5L8ea3RkBGa1OAkbNsibj3dUxKF/2
oJH22jMBw12ZnN6oGok5kZJ+RP9nM37jW73DBhnLYuCFcXC7Aa/zyvM4E0DiYD2d
PXIvseNlWCCTB10u0ljM8aqRahsm7cHeXkDVFr+VpFce1UGsDmS5QA==
=0Vxb
-----END PGP SIGNATURE-----
Accepted:
phpmyadmin_2.9.1.1-4.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
phpmyadmin_2.9.1.1-4.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
phpmyadmin_2.9.1.1-4_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb
Reply to: