[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: PMASA-2005-6 when "register_globals = on"



On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports 
> that sarge's phpmyadmin package has a security flaw which is occured only if 
> "register_globals = on" setting is used.
> 
> This feature is disabled in Debian package by default so I doubt if this is 
> serious problem. I'd like to ask if I should prepare the new package for 
> sarge or not?
> 

According to the advisory, all versions < 2.6.4-pl4 are affected
(2.7.0-beta1 from the development schema).

This would mean that this affects sid and etch too. Has a bug been
filed/a CVE number assigned for this?

Cheers,
Neil
-- 
   __   
 .`  `. neilm@debian.org | Application Manager
 : :' ! ---------------- | Secure-Testing Team member
 '. `-  gpg: B345BDD3    | Webapps Team member
   `-   Please don't cc, I'm subscribed to the list



Reply to: