[SECURITY] [DLA 3644-1] phppgadmin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3644-1] phppgadmin security update
From: "Chris Lamb" <lamby@debian.org>
Date: Fri, 3 Nov 2023 04:21:19 -0400 (EDT)
Message-id: <[🔎] 169899961685.11184.2453410145481051382@copycat>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3644-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
November 03, 2023                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : phppgadmin
Version        : 5.1+ds-4+deb10u1
CVE ID         : CVE-2023-40619
Debian Bug     : 1053004

It was discovered there was a potential remote code execution
vulnerability in phppgadmin, a web-based administration tool for the
PostgreSQL database server. This issue concerned the deserialisation
of untrusted data which may have led to remote code execution because
user-controlled data was being passed directly to the PHP
'unserialize()' function.

For Debian 10 buster, this problem has been fixed in version
5.1+ds-4+deb10u1.

We recommend that you upgrade your phppgadmin packages.

For the detailed security status of phppgadmin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/phppgadmin

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmVErT8ACgkQHpU+J9Qx
HlhuyQ//QBTZc7HQZhlJWbVu6d0qxNY2CgX3kZo0wkO/txWWNWMRHaZy/HbTQgPI
7/up4G7tnb1i0pXYHkxy6dYydp46RlW0qSw9uCSzN3PTL6BJdUbM8l6kh/I+sDCw
Mp3L1s50IuHUxAMvdllOricNamyxrbuwqptowcqe8SNP05iBKYrLir25CucHNahb
kSNwkJtStZzYoaCaRX4+cMraqvLiTYHiv9NymbNDKw7iReBrGcq0RAK1lW95y07S
ECn3eJYHwgkvjxCNA8qQj3fct0w16neHr+DiO7GKRxExqk66vSLC5qWhPp7e4noy
OfWUlcwpDK4YfebrlPjUL9zrTYIpESqUhgUV57VqO2lG7sNPAJLgBYo98QDTVx1y
vYQMxwHZvYmVZ8nOruCgrhcc2+ibB32DMBbN9i9YNV5G+qeUBtWcdszZeRiYRZ9O
7t+MjyCBqwZOv8rbkZziqvftik3taZiFbt/jUsbzRzRxfx8RDBGcG9hdEqNYAIwi
250S0NYRmflQSD5RLGxaBP02c7VQOZBtTKf6HwqH8LmldKiZiaVZHUlorUZ0PwKa
3/sIbBG1lA0p15Zfb/bhh7hzQ11oejk/zsQ6KPposmmOsHMhyJmk/u0J1lTDH6TN
KDOAHxR89eC2eRCSqgrIYok8v6fO2kY4/EiquW1eDgv+VmOWCwg=
=cih6
-----END PGP SIGNATURE-----

Reply to:

Next by Date: [SECURITY] [DLA 3645-1] trafficserver security update
Next by thread: [SECURITY] [DLA 3645-1] trafficserver security update
Index(es):
- Date
- Thread