Your message dated Wed, 06 Apr 2005 04:47:12 -0400 with message-id <[EMAIL PROTECTED]> and subject line Bug#303142: fixed in phpmyadmin 3:2.6.2-rc1-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

From: Moritz Muehlenhoff <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: phpmyadmin: Cross-Site-Scriping vulnerability in convcharset
Date: Mon, 04 Apr 2005 23:20:27 +0200

Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole

[Might affect stable, packages.d.o is currently unreachable, so I can't check]

There's a cross-site-scripting vulnerability in phpmyadmin due to improper input validation of convcharset data. For full details please see
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3

Cheers,
Moritz

-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

---------------------------------------

From: Piotr Roszatycki <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#303142: fixed in phpmyadmin 3:2.6.2-rc1-1
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Wed, 06 Apr 2005 04:47:12 -0400

Source: phpmyadmin
Source-Version: 3:2.6.2-rc1-1

We believe that the bug you reported is fixed in the latest version of phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.6.2-rc1-1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-rc1-1.diff.gz
phpmyadmin_2.6.2-rc1-1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-rc1-1.dsc
phpmyadmin_2.6.2-rc1-1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-rc1-1_all.deb
phpmyadmin_2.6.2-rc1.orig.tar.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-rc1.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Piotr Roszatycki <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Tue, 5 Apr 2005 15:17:25 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 3:2.6.2-rc1-1
Distribution: unstable
Urgency: high
Maintainer: Piotr Roszatycki <[EMAIL PROTECTED]>
Changed-By: Piotr Roszatycki <[EMAIL PROTECTED]>
Description:
 phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 303142
Changes:
 phpmyadmin (3:2.6.2-rc1-1) unstable; urgency=high
 .
   * New upstream release.
   * Security fix: Cross-Site Scripting vulnerability. See
     http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3
     Closes: #303142.
   * Don't enable PHP if mod_fcgid is loaded in Apache 2.x.