[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Accepted phpmyadmin 4:2.9.1.1-9 (source all)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun, 30 Nov 2008 12:52:40 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-9
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Closes: 503270
Changes: 
 phpmyadmin (4:2.9.1.1-9) stable-security; urgency=high
 .
   * The PMA_escapeJsString function in libraries/js_escape.lib.php in
     phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote
     attackers to bypass cross-site scripting (XSS) protection mechanisms and
     conduct XSS attacks via a NUL byte inside a "</script" sequence.
     [CVE-2008-4326]
   * Add missing variable 'lang' to $allow_list, which unbreaks the
     language selection on the login screen (regression introduced in -8).
     (Closes: #503270)
Files: 
 b751c9769e198e656e7b982ec8bc4fc9 1019 web extra phpmyadmin_2.9.1.1-9.dsc
 fee9d9989bd7e53fbe5f5308078cc68d 54647 web extra phpmyadmin_2.9.1.1-9.diff.gz
 4148b6e9d9ee79457a9696cec5816259 3602510 web extra phpmyadmin_2.9.1.1-9_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJJMoSlAAoJEGz0hbPcukPfm54IAJ98zvmebP/I3mi6eI6zMuVr
0K0vxgBKhlph4NCxcowoF1zf9XHnUtMPH5m72H3tUX2CozFp40DARRZ2pJm9E9lx
7lavedXJgLe4jDYkKYgNJaZotH7pFf+FGZfQq60yE63WL+0SV1QKpr19Y8NAU3fF
a2WqodnhipwnBO2+UIJ39553uwLrHMjTYb9X72gydhe7CcfbxISc8uZCyk08wuN2
hxmJN3MjF4M+BCY/yPcpXc1ox5BGeDB252l6P2z8FzC7ucfEq4v3l45KonKEl8L7
6n+KfyZ7QoJCKtew+of3wOP+i6Hk6U7rv0SBUqOugtsXtR5GFXy4955MWarS9Rg=
=xBdf
-----END PGP SIGNATURE-----


Accepted:
phpmyadmin_2.9.1.1-9.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz
phpmyadmin_2.9.1.1-9.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc
phpmyadmin_2.9.1.1-9_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb


Reply to: