Accepted phpmyadmin 4:2.9.1.1-7 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 24 Apr 2008 20:00:49 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-7
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
phpmyadmin - Administrate MySQL over the WWW
Changes:
phpmyadmin (4:2.9.1.1-7) stable-security; urgency=high
.
* Update for etch to address a security issue.
* Attackers with CREATE table permissions were allowed to read arbitrary
files via a crafted HTTP POST request, related to use of an undefined
UploadDir variable. [PMASA-2008-3, CVE-2008-1924]
* Stores the MySQL (1) username and (2) password, and the (3) Blowfish
secret key, in cleartext in a Session file under /tmp, which allows
local users to obtain sensitive information.
[PMASA-2008-2, CVE-2008-1567]
* phpMyAdmin accesses $_REQUEST to obtain some parameters instead of
$_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross Site
Request Forgery (CSRF) attacks by using crafted cookies.
[PMASA-2008-1, CVE-2008-1149]
Files:
77cb879dd53d50993ed441020edc83f1 1011 web extra phpmyadmin_2.9.1.1-7.dsc
74178c3262500623fc8dfc1446539c91 50986 web extra phpmyadmin_2.9.1.1-7.diff.gz
b10e8b52f3b9941d383dff78e545e322 3606694 web extra phpmyadmin_2.9.1.1-7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
Accepted:
phpmyadmin_2.9.1.1-7.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.diff.gz
phpmyadmin_2.9.1.1-7.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.dsc
phpmyadmin_2.9.1.1-7_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7_all.deb