Your message dated Mon, 24 Oct 2005 13:32:58 -0700 with message-id <[EMAIL PROTECTED]> and subject line Bug#335306: fixed in phpmyadmin 4:2.6.4-pl3-1 has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------

From: Florian Weimer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Yet another local file inclusion vulnerability
Date: Sun, 23 Oct 2005 11:37:39 +0200
Message-ID: <[EMAIL PROTECTED]>

Package: phpmyadmin
Tags: security
Severity: grave

This one seems to be different from the vulnerability mentioned in Debian bug #333433.

From: Stefan Esser <[EMAIL PROTECTED]>
Subject: [Full-disclosure] Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability
To: full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Sat, 22 Oct 2005 15:33:46 +0200
Message-ID: <[EMAIL PROTECTED]>

Hardened-PHP Project
www.hardened-php.net

-= Security Advisory =-

Advisory: phpMyAdmin Local File Inclusion Vulnerability
Release Date: 2005/10/22
Last Modified: 2005/10/22
Author: Stefan Esser [EMAIL PROTECTED]
Application: phpMyAdmin <= 2.6.4-pl2
Severity: A design flaw within phpMyAdmin allows inclusion of arbitrary files, which usually leads to remote code execution
Risk: Critical
Vendor Status: Vendor has released an updated version
References: http://www.hardened-php.net/advisory_162005.73.html

[...]

---------------------------------------

From: Piotr Roszatycki <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Bug#335306: fixed in phpmyadmin 4:2.6.4-pl3-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 24 Oct 2005 13:32:58 -0700

Source: phpmyadmin
Source-Version: 4:2.6.4-pl3-1

We believe that the bug you reported is fixed in the latest version of phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.6.4-pl3-1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl3-1.diff.gz
phpmyadmin_2.6.4-pl3-1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl3-1.dsc
phpmyadmin_2.6.4-pl3-1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl3-1_all.deb
phpmyadmin_2.6.4-pl3.orig.tar.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.4-pl3.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Piotr Roszatycki <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED])

Format: 1.7
Date: Mon, 24 Oct 2005 20:14:08 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.6.4-pl3-1
Distribution: unstable
Urgency: high
Maintainer: Piotr Roszatycki <[EMAIL PROTECTED]>
Changed-By: Piotr Roszatycki <[EMAIL PROTECTED]>
Description:
 phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 335306 335513
Changes:
 phpmyadmin (4:2.6.4-pl3-1) unstable; urgency=high
 .
   * New upstream release.
   * Security fix: (1) Local file inclusion vulnerability and
     (2) Cross-Site Scripting vulnerability.
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
     Closes: #335306, #335513.
   * Assigned CVE number for 4:2.6.4-pl2-1 bug fix.
Files:
 b76157341450a63bbcbbbfa833f0e970 646 web extra phpmyadmin_2.6.4-pl3-1.dsc
 69cc488cb259a5b6f2bd83c95d1b94d2 2777834 web extra phpmyadmin_2.6.4-pl3.orig.tar.gz
 9fcb9225e9ee4a0fe67960deef9366dd 30725 web extra phpmyadmin_2.6.4-pl3-1.diff.gz
 3a0d95dba07006c4f6d89b0365bd6367 2923084 web extra phpmyadmin_2.6.4-pl3-1_all.deb