Hi,
would you consider this for a stable update?
----- Forwarded message from Moritz Mühlenhoff <jmm@inutil.org> -----
Date: Wed, 4 Apr 2012 20:18:48 +0200
From: Moritz Mühlenhoff <jmm@inutil.org>
To: Christoph Berg <myon@debian.org>
Cc: team@security.debian.org
Subject: Re: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
On Tue, Mar 27, 2012 at 12:42:20PM +0200, Christoph Berg wrote:
> Hi,
>
> phppgadmin 5.0.4 includes a fix for a possible XSS vulerability that
> also affects 4.2.3-1.1squeeze1. There is no bug nor a CVE number, and
> it is even unclear (to me) if this is exploitable. The patch doesn't
> break the package, so I thought it might be a good idea to ask you if
> you want this for a security advisory.
>
> The unstable package 5.0.4-1 is of course already fixed.
>
> Upstream fix:
> https://github.com/ioguix/phppgadmin/commit/5f8a1f6307f095fb69050cef01109373b88b558e
>
> Updated package: http://people.debian.org/~myon/phppgadmin/
Thanks for working on this. Please fix this through a stable point
update, this doesn't warrant a DSA.
Cheers,
Moritz
----- End forwarded message -----
Christoph
--
cb@df7cb.de | http://www.df7cb.de/
Attachment:
signature.asc
Description: Digital signature