Package: phpmyadmin
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpmyadmin.

CVE-2010-4480[0]:
| error.php in PhpMyAdmin 3.3.8.1, and other versions before
| 3.4.0-beta1, allows remote attackers to conduct cross-site scripting
| (XSS) attacks via a crafted BBcode tag containing "@" characters, as
| demonstrated using "[...@url@page]".

CVE-2010-4481[1]:
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
| authentication and obtain sensitive information via a direct request
| to phpinfo.php, which calls the phpinfo function.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
    http://security-tracker.debian.org/tracker/CVE-2010-4480
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4481
    http://security-tracker.debian.org/tracker/CVE-2010-4481
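
The following Python example is added here; it is not part of the original report or of phpMyAdmin's code. It flags access-log entries consistent with the two request patterns described above: a phpinfo.php that was actually served, and an error.php request whose query carries a bracketed tag containing "@". The combined log format, the sample lines, the parameter name p and the tag [a@b@c] are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Request and status fields of a combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# A bracketed BBcode-style tag containing "@", the shape named in CVE-2010-4480.
BBCODE_AT_RE = re.compile(r"\[[^\[\]]*@[^\[\]]*\]")

def classify(line):
    """Return the CVE id a log line is consistent with, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target, status = m.groups()
    try:
        parts = urlsplit(target)
    except ValueError:
        return None
    script = unquote(parts.path).rsplit("/", 1)[-1].lower()
    # CVE-2010-4481: phpinfo.php answered a direct request (status 200).
    if script == "phpinfo.php" and status == "200":
        return "CVE-2010-4481"
    # CVE-2010-4480: decode twice so double-encoded brackets are still seen.
    if script == "error.php":
        query = unquote_plus(unquote_plus(parts.query))
        if BBCODE_AT_RE.search(query):
            return "CVE-2010-4480"
    return None

def scan(lines):
    """Return (line_number, cve_id) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        cve = classify(line)
        if cve:
            hits.append((n, cve))
    return hits

# Constructed sample log; addresses, parameter "p" and tag "[a@b@c]" are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [29/Dec/2010:17:01:02 +0000] "GET /phpmyadmin/phpinfo.php HTTP/1.1" 200 51234',
    '192.0.2.10 - - [29/Dec/2010:17:01:09 +0000] "GET /phpinfo.php HTTP/1.1" 404 312',
    '192.0.2.11 - - [29/Dec/2010:17:02:10 +0000] "GET /phpmyadmin/error.php?p=%5Ba%40b%40c%5D HTTP/1.1" 200 812',
    '192.0.2.11 - - [29/Dec/2010:17:02:11 +0000] "GET /phpmyadmin/error.php?p=%255Ba%2540b%2540c%255D HTTP/1.1" 200 812',
    '192.0.2.12 - - [29/Dec/2010:17:03:00 +0000] "GET /phpmyadmin/error.php?p=plain+text HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for n, cve in scan(SAMPLE_LOG):
        print(f"line {n}: consistent with {cve}")
```

A hit means the request matches the pattern, not that the installed version was affected; check the package version against 3.4.0-beta1 before treating it as an incident.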