Piotr Roszatycki wrote:
On Thursday 22 of September 2005 16:29, micah wrote:
Piotr,
I notice that you fixed some of these issues in your most recent
unstable upload, but the others which you identify below were not
included... at least its not obvious from the unstable changelog, I
assume that its the "four more vulnerabilities reported and fixed
directly in phpMyAdmin's CVS"?
They are all fixed in 2.6.4 release. Try to grep on XSS for ChangeLog
available at
http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/ChangeLog?rev=2.1272&view=auto
I didn't describe them in changelog for unstable release, beacuse the upstream
did not describe, too.
The sarge backported package is described verbosely, beacuse the fixes are
provided carefully in separated patches.
It would be nice to note these in unstable (especially CAN numbers) in
the future, as those of us doing testing-security track these sorts of
things and will continue to ping you asking you about this sort of thing
because it is not obvious in the changelog.
micah
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
