Your message dated Sun, 02 Jan 2011 13:57:51 +0000
with message-id <e1pzort-0001mn...@franck.debian.org>
and subject line Bug#608290: fixed in phpmyadmin 4:2.11.8.1-5+lenny7
has caused the Debian Bug report #608290,
regarding CVE-2010-4480 CVE-2010-4481
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
608290: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608290
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: phpmyadmin
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpmyadmin.

CVE-2010-4480[0]:
| error.php in PhpMyAdmin 3.3.8.1, and other versions before
| 3.4.0-beta1, allows remote attackers to conduct cross-site scripting
| (XSS) attacks via a crafted BBcode tag containing "@" characters, as
| demonstrated using "[...@url@page]".

CVE-2010-4481[1]:
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
| authentication and obtain sensitive information via a direct request
| to phpinfo.php, which calls the phpinfo function.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
    http://security-tracker.debian.org/tracker/CVE-2010-4480
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4481
    http://security-tracker.debian.org/tracker/CVE-2010-4481


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0bdHwACgkQNxpp46476aofUACfaJ8qZk9hruUgU4JuL5t+oDW7
nVkAn2VBTXIrA3x0z85C7DUdLnRo/fkj
=pVQM
-----END PGP SIGNATURE-----



--- End Message ---
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:2.11.8.1-5+lenny7

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.11.8.1-5+lenny7.diff.gz
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7.diff.gz
phpmyadmin_2.11.8.1-5+lenny7.dsc
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7.dsc
phpmyadmin_2.11.8.1-5+lenny7_all.deb
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <th...@debian.org> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 31 Dec 2010 14:07:44 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.11.8.1-5+lenny7
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <th...@debian.org>
Changed-By: Thijs Kinkhorst <th...@debian.org>
Description: 
 phpmyadmin - MySQL web administration tool
Closes: 608290
Changes: 
 phpmyadmin (4:2.11.8.1-5+lenny7) stable-security; urgency=high
 .
   * Upload to stable to fix security issues (Closes: #608290).
   * Fix XSS on search (PMASA-2010-8, CVE-2010-4329).
   * Fix text/link injection on error (PMASA-2010-9, CVE-2010-4480).
   * Phpinfo when enabled was worldaccessible (PMASA-2010-10, CVE-2010-4481).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

-----END PGP SIGNATURE-----



--- End Message ---
