Re: phpmyadmin / CVE-2016-9861 / PMASA-2016-66
Brian May <bam@debian.org> writes:
> From what I can tell, phpmyadmin may in wheezy may not be vulnerable to
> CVE-2016-9861 / PMASA-2016-66 because I can't find the vulnerable code.
Hmmm... Looks like the PMA_isAllowedDomain() function was created in
response to CVE-2016-4412 / PMASA-2016-57 which hasn't been fixed yet in
wheezy.
The included patch at
https://github.com/phpmyadmin/phpmyadmin/commit/6f413680b172ae0b25f2509f1c7bb21405e8eaf9
doesn't appear to include the vulnerability however.
--
Brian May <bam@debian.org>
Reply to: