Re: PMASA-2005-6 when "register_globals = on"
On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports
> that sarge's phpmyadmin package has a security flaw which occurs only if
> "register_globals = on" setting is used.
>
> This feature is disabled in the Debian package by default so I doubt if this is
> a serious problem. I'd like to ask if I should prepare the new package for
> sarge or not?
>
According to the advisory, all versions < 2.6.4-pl4 are affected
(2.7.0-beta1 from the development schema).
This would mean that this affects sid and etch too. Has a bug been
filed/a CVE number assigned for this?
Cheers,
Neil
--
__
.` `. neilm@debian.org | Application Manager
: :' ! ---------------- | Secure-Testing Team member
'. `- gpg: B345BDD3 | Webapps Team member
`- Please don't cc, I'm subscribed to the list