Accepted phpmyadmin 4:2.9.1.1-7 (source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 24 Apr 2008 20:00:49 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-7
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Changes: 
 phpmyadmin (4:2.9.1.1-7) stable-security; urgency=high
 .
   * Update for etch to address a security issue.
   * Attackers with CREATE table permissions were allowed to read arbitrary
     files via a crafted HTTP POST request, related to use of an undefined
     UploadDir variable. [PMASA-2008-3, CVE-2008-1924]
   * Stores the MySQL (1) username and (2) password, and the (3) Blowfish
     secret key, in cleartext in a Session file under /tmp, which allows
     local users to obtain sensitive information.
     [PMASA-2008-2, CVE-2008-1567]
   * phpMyAdmin accesses $_REQUEST to obtain some parameters instead of
     $_GET and $_POST, which allows attackers in the same domain to
     override certain variables and conduct SQL injection and Cross Site
     Request Forgery (CSRF) attacks by using crafted cookies.
     [PMASA-2008-1, CVE-2008-1149]
Files: 
 77cb879dd53d50993ed441020edc83f1 1011 web extra phpmyadmin_2.9.1.1-7.dsc
 74178c3262500623fc8dfc1446539c91 50986 web extra phpmyadmin_2.9.1.1-7.diff.gz
 b10e8b52f3b9941d383dff78e545e322 3606694 web extra phpmyadmin_2.9.1.1-7_all.deb



Accepted:
phpmyadmin_2.9.1.1-7.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.diff.gz
phpmyadmin_2.9.1.1-7.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7.dsc
phpmyadmin_2.9.1.1-7_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-7_all.deb

