Accepted phpmyadmin 4:2.9.1.1-9 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Nov 2008 12:52:40 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-9
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
phpmyadmin - Administrate MySQL over the WWW
Closes: 503270
Changes:
phpmyadmin (4:2.9.1.1-9) stable-security; urgency=high
.
* The PMA_escapeJsString function in libraries/js_escape.lib.php in
phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote
attackers to bypass cross-site scripting (XSS) protection mechanisms and
conduct XSS attacks via a NUL byte inside a "</script" sequence.
[CVE-2008-4326]
* Add missing variable 'lang' to $allow_list, which unbreaks the
language selection on the login screen (regression introduced in -8).
(Closes: #503270)
Files:
b751c9769e198e656e7b982ec8bc4fc9 1019 web extra phpmyadmin_2.9.1.1-9.dsc
fee9d9989bd7e53fbe5f5308078cc68d 54647 web extra phpmyadmin_2.9.1.1-9.diff.gz
4148b6e9d9ee79457a9696cec5816259 3602510 web extra phpmyadmin_2.9.1.1-9_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJJMoSlAAoJEGz0hbPcukPfm54IAJ98zvmebP/I3mi6eI6zMuVr
0K0vxgBKhlph4NCxcowoF1zf9XHnUtMPH5m72H3tUX2CozFp40DARRZ2pJm9E9lx
7lavedXJgLe4jDYkKYgNJaZotH7pFf+FGZfQq60yE63WL+0SV1QKpr19Y8NAU3fF
a2WqodnhipwnBO2+UIJ39553uwLrHMjTYb9X72gydhe7CcfbxISc8uZCyk08wuN2
hxmJN3MjF4M+BCY/yPcpXc1ox5BGeDB252l6P2z8FzC7ucfEq4v3l45KonKEl8L7
6n+KfyZ7QoJCKtew+of3wOP+i6Hk6U7rv0SBUqOugtsXtR5GFXy4955MWarS9Rg=
=xBdf
-----END PGP SIGNATURE-----
Accepted:
phpmyadmin_2.9.1.1-9.diff.gz
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz
phpmyadmin_2.9.1.1-9.dsc
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc
phpmyadmin_2.9.1.1-9_all.deb
to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb
Reply to: