Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?

To: 960396@bugs.debian.org
Cc: team@security.debian.org, lamby@debian.org
Subject: Bug#960396: web security flaws in src:adminer/4.7.1-1 in stable?
From: Alexandre Rossi <niol@zincube.net>
Date: Mon, 8 Mar 2021 13:52:20 +0100
Message-id: <[🔎] 20210308125220.GA12988@zincube.net>
Reply-to: Alexandre Rossi <niol@zincube.net>, 960396@bugs.debian.org
In-reply-to: <YEMza61UbLCOAZJo@eldamar.lan>
References: <20200512084940.GA9131@zincube.net> <20210304130201.GA19039@zincube.net> <YEMza61UbLCOAZJo@eldamar.lan> <158927551089.12112.8716806333432440782.reportbug@ripley>

Hi,

Here is an updated debdiff per the security team advice adding also
changes from the original request.

Adding fixes for:

Fix open redirect if Adminer is accessible at //adminer.php%2F@
https://github.com/vrana/adminer/commit/6a2de873e194cf4bf3f2edb489ba98580a17a632

Fix XSS if Adminer is accessible at URL /data
https://github.com/vrana/adminer/commit/789ebc07bdac01ab8b99ad831eba872849eaa7fe

CVE-2020-35572

CVE-2021-21311

Thanks,

Alex

Attachment: adminer_4.7.1-1+deb10u1.debian.tar.xz
Description: application/xz

Reply to:

Prev by Date: Bug#984790: buster-pu: package libreoffice/1:6.1.5-3+deb10u7
Next by Date: Bug#981664: buster-pu: package privoxy/3.0.28-2
Previous by thread: Bug#984790: marked as done (buster-pu: package libreoffice/1:6.1.5-3+deb10u7)
Next by thread: Bug#981664: buster-pu: package privoxy/3.0.28-2
Index(es):
- Date
- Thread