[SECURITY] [DLA 4121-1] phpmyadmin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4121-1] phpmyadmin security update
From: Adrian Bunk <bunk@debian.org>
Date: Tue, 8 Apr 2025 18:22:33 +0300
Message-id: <Z/U/OU4oXkT+qxjj@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4121-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
April 08, 2025                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : phpmyadmin
Version        : 4:5.0.4+dfsg2-2+deb11u2
CVE ID         : CVE-2023-25727 CVE-2025-24529 CVE-2025-24530

Multiple XSS vulnerabilities have been fixed in phpMyAdmin,
an administration tool for MySQL and MariaDB databases.

CVE-2023-25727

    XSS vulnerability in drag-and-drop upload

CVE-2025-24529

    XSS on Insert page

CVE-2025-24530

    XSS when checking tables

For Debian 11 bullseye, these problems have been fixed in version
4:5.0.4+dfsg2-2+deb11u2.

We recommend that you upgrade your phpmyadmin packages.

For the detailed security status of phpmyadmin please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/phpmyadmin

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmf1PzkACgkQiNJCh6LY
mLGkuQ//QWY2zBwW8hgfcnxBm6O8QFmqpPqYxUbSbAqEGSCWEHe+CDBb1bVt1NnA
WmcBLbIkdIArXts9wLPWmJL/IYSk5AFQHFYZQwjBJHyWnt0DfgHpw554mGu8rsmU
xqpMqKhHTZkQpM03+PBxvBuBsh6POwR4qUoS41WHYfrrYYm1BDoRkdJA4Ikhkpml
tJz3R26mR+I3193Nt6twS1Aun58KWeG0MAladErpu+qqyc0WQSqoDj2i4eoNM6vy
Yrq8nqb0R8mGNMYkhAH5m05ypV2tKSC6E4VJlhK4UfwZuzoJ+Nnqv/Ct/6aiDkJm
+nCKp8ELZSGWlbjbzslwcojJROobXsmnaabbA6Q6FvIRiB8O8JHIAA7Hb7+qx/wR
SkiUymNViQLaNburllsUWqucoYwn3Wo1vPfJEx4Whrd+R8/UD1mrtoVvVIy5z3Wn
4PSe3Y0xenJepObY7ZfAz4Op7kUpkJ+uYv25OxChs1+ZSmQM6VxZyyKwd0XuiIEx
+J+JtJXNZBgCdo8GHC+a2SxGkJO55nih6usgABFaYaGEVRWt8ar0lHbsB5Ufb1i8
gUfncieacRHpFlKRrDr/N9QT82AazfrMvzep5nk8D9+uCQ3Jrp1e1RoNzWCarNOu
NY3cHBhdb9Ad9oLA+A3JX65/pDi7JK8WeO35etnkpEfH+Z1zdhA=
=U01u
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4120-1] libnet-easytcp-perl security update
Next by Date: [SECURITY] [DLA 4119-1] lemonldap-ng security update
Previous by thread: [SECURITY] [DLA 4120-1] libnet-easytcp-perl security update
Next by thread: [SECURITY] [DLA 4119-1] lemonldap-ng security update
Index(es):
- Date
- Thread