Re: PMASA-2005-6 when "register_globals = on"

To: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>
Cc: Debian Security Team <team@security.debian.org>, debian-security@lists.debian.org
Subject: Re: PMASA-2005-6 when "register_globals = on"
From: Neil McGovern <neilm@debian.org>
Date: Tue, 15 Nov 2005 20:26:31 +0000
Message-id: <[🔎] 20051115202631.GE11324@mx0.halon.org.uk>
Mail-followup-to: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>, Debian Security Team <team@security.debian.org>, debian-security@lists.debian.org
In-reply-to: <[🔎] 200511151754.32997.Piotr_Roszatycki@netia.net.pl>
References: <[🔎] 200511151754.32997.Piotr_Roszatycki@netia.net.pl>

On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports 
> that sarge's phpmyadmin package has a security flaw which is occured only if 
> "register_globals = on" setting is used.
> 
> This feature is disabled in Debian package by default so I doubt if this is 
> serious problem. I'd like to ask if I should prepare the new package for 
> sarge or not?
> 

According to the advisory, all versions < 2.6.4-pl4 are affected
(2.7.0-beta1 from the development schema).

This would mean that this affects sid and etch too. Has a bug been
filed/a CVE number assigned for this?

Cheers,
Neil
-- 
   __   
 .`  `. neilm@debian.org | Application Manager
 : :' ! ---------------- | Secure-Testing Team member
 '. `-  gpg: B345BDD3    | Webapps Team member
   `-   Please don't cc, I'm subscribed to the list

Reply to:

Follow-Ups:
- Re: PMASA-2005-6 when "register_globals = on"
  - From: Martin Schulze <joey@infodrom.org>

References:
- PMASA-2005-6 when "register_globals = on"
  - From: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>

Prev by Date: PMASA-2005-6 when "register_globals = on"
Next by Date: Re: PMASA-2005-6 when "register_globals = on"
Previous by thread: PMASA-2005-6 when "register_globals = on"
Next by thread: Re: PMASA-2005-6 when "register_globals = on"
Index(es):
- Date
- Thread