Your message dated Tue, 18 Dec 2007 07:52:53 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#446451: fixed in phpmyadmin 4:2.9.1.1-6
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole


Hi

The following CVE[0] has been issued against phpmyadmin.
You can find a patch below.

CVE-2007-5386:

Cross-site scripting (XSS) vulnerability in scripts/setup.php
in phpMyAdmin 2.11.1, when accessed by a browser that does 
not URL-encode requests, allows remote attackers to inject 
arbitrary web script or HTML via the query string. NOTE: some 
of these details are obtained from third party information.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5386


diff -u phpmyadmin-2.11.1/debian/changelog phpmyadmin-2.11.1/debian/changelog
--- phpmyadmin-2.11.1/debian/changelog
+++ phpmyadmin-2.11.1/debian/changelog
@@ -1,3 +1,11 @@
+phpmyadmin (4:2.11.1-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the testing-security team
+  * Include upstream patch for XSS vulnerability in scripts/setup.php
+    Fixes: CVE-2007-5386
+
+ -- Steffen Joeris <[EMAIL PROTECTED]>  Sat, 13 Oct 2007 05:12:44 +0000
+
 phpmyadmin (4:2.11.1-1) unstable; urgency=low

   * New upstream release.
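Review bot: the entry describes the change as an upstream patch but names neither the upstream revision nor the advisory it came from. The stable-security changelog later in this thread cites PMASA-2007-5 alongside CVE-2007-5386 for the same fix, so the `Fixes:` line here (and the `## DP:` header of 041-CVE-2007-5386.dpatch, which only says "Fix CVE-2007-5386") should carry that reference so the origin of the hunk can be checked against upstream.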
diff -u phpmyadmin-2.11.1/debian/patches/00list 
phpmyadmin-2.11.1/debian/patches/00list
--- phpmyadmin-2.11.1/debian/patches/00list
+++ phpmyadmin-2.11.1/debian/patches/00list
@@ -3,0 +4 @@
+041-CVE-2007-5386
only in patch2:
unchanged:
--- phpmyadmin-2.11.1.orig/debian/patches/041-CVE-2007-5386.dpatch
+++ phpmyadmin-2.11.1/debian/patches/041-CVE-2007-5386.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Fix CVE-2007-5386
+
[EMAIL PROTECTED]@
+
+--- ../old/phpmyadmin-2.11.1/scripts/setup.php 2007-09-20 16:35:14.000000000 
+0000
++++ phpmyadmin-2.11.1/scripts/setup.php        2007-10-13 05:10:49.000000000 
+0000
+@@ -1951,7 +1951,10 @@
+             if (empty($_SERVER['REQUEST_URI']) || 
empty($_SERVER['HTTP_HOST'])) {
+                 $redir = '';
+             } else {
+-                $redir = ' If your server is also configured to accept HTTPS 
request follow <a href="https://' . $_SERVER['HTTP_HOST'] . 
$_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.';
++                $redir = ' If your server is also configured to accept HTTPS 
request'
++              . ' follow <a href="https://'
++              . htmlspecialchars($_SERVER['HTTP_HOST'] . 
$_SERVER['REQUEST_URI'])
++              . '">this link</a> to use secure connection.';
+             }
+             message('warning', 'You are not using secure connection, all data 
(including sensitive, like passwords) are transfered unencrypted!' . $redir, 
'Not secure connection');
+         }
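Review bot: htmlspecialchars() is called without ENT_QUOTES, so a single quote in REQUEST_URI still passes through unescaped; that is only safe because the surrounding href attribute happens to be double-quoted, and `htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'], ENT_QUOTES)` would make the escaping independent of the template's quoting style. HTTP_HOST is also taken from the client's own Host header, so the link target is client-influenced even after escaping; the warning would be more robust if it did not echo the host at all. Separately, the line between the `## DP:` header and the nested diff is shown as `[EMAIL PROTECTED]@` because the archive's address scrubber rewrote it; the dpatch file itself should contain the literal `@DPATCH@` marker, and the visible text should not be copied as-is.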



--- End Message ---
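The condition in the CVE text (a client that does not URL-encode the request) is easier to see with the two code paths side by side. The following is an added example, not phpMyAdmin's code and not Steffen's patch: the host name and both request lines are constructed, and `redir_vulnerable`, `redir_hardened` and `breaks_out` are names chosen here for illustration.

```php
<?php
// Added example (not phpMyAdmin code): the CVE-2007-5386 pattern from
// scripts/setup.php reduced to the string construction, exercised with two
// constructed requests. Function names and host name are chosen for this example.

// A client that does NOT URL-encode sends the quote and angle brackets literally.
$raw_request = array(
    'HTTP_HOST'   => 'pma.example.test',
    'REQUEST_URI' => '/scripts/setup.php?x="><script>alert(1)</script>',
);
// A normal browser percent-encodes them before the request leaves the client.
$encoded_request = array(
    'HTTP_HOST'   => 'pma.example.test',
    'REQUEST_URI' => '/scripts/setup.php?x=%22%3E%3Cscript%3Ealert(1)%3C/script%3E',
);

// Mirrors the removed line: host and URI interpolated straight into the href.
function redir_vulnerable(array $server)
{
    return ' If your server is also configured to accept HTTPS request follow '
         . '<a href="https://' . $server['HTTP_HOST'] . $server['REQUEST_URI']
         . '">this link</a> to use secure connection.';
}

// Mirrors the added lines, but with ENT_QUOTES (single quotes escaped too) and an
// explicit charset so the result does not depend on the PHP version's defaults.
function redir_hardened(array $server)
{
    return ' If your server is also configured to accept HTTPS request follow '
         . '<a href="https://'
         . htmlspecialchars($server['HTTP_HOST'] . $server['REQUEST_URI'], ENT_QUOTES, 'UTF-8')
         . '">this link</a> to use secure connection.';
}

// True when the request text closed the href attribute and opened its own element.
function breaks_out($html)
{
    return strpos($html, '"><script>') !== false;
}

// PHP's REQUEST_URI is the request line exactly as sent. With the percent-encoded
// request the old code emits only %XX sequences, so no break-out occurs; only the
// non-encoding client reaches the XSS, which is the restriction in the CVE text.
// The escaped construction stays inside the attribute value for both requests.
$cases = array(
    'vulnerable, raw request'     => redir_vulnerable($raw_request),
    'vulnerable, encoded request' => redir_vulnerable($encoded_request),
    'hardened, raw request'       => redir_hardened($raw_request),
    'hardened, encoded request'   => redir_hardened($encoded_request),
);
foreach ($cases as $label => $html) {
    echo $label, ': ', (breaks_out($html) ? 'attribute broken out' : 'contained'), "\n";
}
```

Run it with `php` from the command line; no web server is involved, because the point is the string construction, not request handling. Passing an explicit charset has one side effect worth knowing in current PHP: if the concatenated value is not valid in that charset, htmlspecialchars() returns an empty string, which here degrades the link text rather than the escaping.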
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:2.9.1.1-6

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.9.1.1-6.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6.diff.gz
phpmyadmin_2.9.1.1-6.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6.dsc
phpmyadmin_2.9.1.1-6_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  7 Nov 2007 14:41:34 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-6
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Closes: 446451
Changes: 
 phpmyadmin (4:2.9.1.1-6) stable-security; urgency=high
 .
   * Update for etch to address a security issue.
   * Cross-site scripting (XSS) vulnerability in scripts/setup.php in
     phpMyAdmin 2.11.1, when accessed by a browser that does not
     URL-encode requests, allows remote attackers to inject arbitrary
     web script or HTML via the query string.
     (CVE-2007-5386, PMASA-2007-5, closes: #446451)
 .
 phpmyadmin (4:2.9.1.1-5) stable-security; urgency=high
 .
   * Update for etch to address a security issue.
   * Muliple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
     2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
     certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
     grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
     common.lib.php in libraries/; and certain input available in PHP_SELF and
     (2) PATH_INFO in libraries/common.inc.php.
     (CVE-2007-5589, PMASA-2007-6)
Files: 
 130531a7ffe3fd67421985abc0d7e3c1 1011 web extra phpmyadmin_2.9.1.1-6.dsc
 0ea3fc9730fb32d1587e0757d3fbee25 49749 web extra phpmyadmin_2.9.1.1-6.diff.gz
 be23322772089af7b429c01b65fe1469 3606276 web extra phpmyadmin_2.9.1.1-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQEVAwUBRzHCuGz0hbPcukPfAQJIJAgAinZVcf8SLMIy1ILBbr2EYeuhsOf4eJ1R
5cfdEYjDxDBPtag+WTr0BH3kSuej5iYTCjwh1JxE1z7DtAc5YdDT70XN/iELk6WO
6Usmx8xhC3PtwOxGyjxoAk9yKygshlWk7oRmM6sqMqIYPmzVzAV8W/jpzRadVt7z
1HIAuJGLXc0sjwFCazUVHheaALf/e4vSKcO2EHRVK/+djo5/Ef9RwuffMdr0owFW
QbsO3/ni/VrhNscpfLMhUxdGNd3I1YtDjFcO1vU3Fl4oOSZUksIl3PD7xSue8jEf
SpUaXZ167Edi5A1LEEWUgDefsWTL9MpS+V+ZEcKm3sRJ0wu1+Pk21Q==
=BKhS
-----END PGP SIGNATURE-----



--- End Message ---
