phpMyAdmin : security-related version not yet packaged?
There's a new version of phpMyAdmin [1] which is security related [2].
It seems not yet packaged [3], and I see nothing in Changelog [4]
or in the bts [5]. But it's very new (2004-11-18).
What should I do as Debian user in that case ?
- mail maintainer?
- fill a bug report? (tags wishlist? grave because security related?)
- wait a week or two?
- find other way to know if someone's working on it?
Christophe
[1] The phpMyAdmin Project
http://www.phpmyadmin.net/home_page/
[2] PMASA-2004-3 Date: 2004-11-18
Multiple XSS vulnerability were found in phpMyAdmin, that may allow
an attacker to conduct Cross-site scripting (XSS) attacks.
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
[3] phpmyadmin versions in Debian
http://packages.debian.org/cgi-bin/search_packages.pl?keywords=phpmyadmin&searchon=names&subword=1&version=all&release=all
[4] phpmyadmin Debian Changelog
http://packages.debian.org/changelogs/pool/main/p/phpmyadmin/phpmyadmin_2.6.0-pl2-2/changelog
[5] Debian Bug report logs: package phpmyadmin
http://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=phpmyadmin
Reply to: