Hi, would you consider this for a stable update? ----- Forwarded message from Moritz Mühlenhoff <jmm@inutil.org> ----- Date: Wed, 4 Apr 2012 20:18:48 +0200 From: Moritz Mühlenhoff <jmm@inutil.org> To: Christoph Berg <myon@debian.org> Cc: team@security.debian.org Subject: Re: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability On Tue, Mar 27, 2012 at 12:42:20PM +0200, Christoph Berg wrote: > Hi, > > phppgadmin 5.0.4 includes a fix for a possible XSS vulerability that > also affects 4.2.3-1.1squeeze1. There is no bug nor a CVE number, and > it is even unclear (to me) if this is exploitable. The patch doesn't > break the package, so I thought it might be a good idea to ask you if > you want this for a security advisory. > > The unstable package 5.0.4-1 is of course already fixed. > > Upstream fix: > https://github.com/ioguix/phppgadmin/commit/5f8a1f6307f095fb69050cef01109373b88b558e > > Updated package: http://people.debian.org/~myon/phppgadmin/ Thanks for working on this. Please fix this through a stable point update, this doesn't warrant a DSA. Cheers, Moritz ----- End forwarded message ----- Christoph -- cb@df7cb.de | http://www.df7cb.de/
Attachment:
signature.asc
Description: Digital signature