phpmyadmin (4:2.10.3-1ubuntu0.1) gutsy-security; urgency=low * SECURITY UPDATE: Cross-site scripting via multiple vectors. (LP: #162599) * debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query strings in scripts/setup.php. Patch from Debian. * debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO inputs in a number of places. Patch from Debian. * debian/patches/032_CVE-2007-5976.patch: Sanitise database names before creating them (also covering CVE-2007-5977). Patch from upstream bug. * debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed on authentication form. * References CVE-2007-5386 CVE-2007-5589 CVE-2007-5976 CVE-2007-5977 CVE-2007-6100 PMASA-2007-5 PMASA-2007-6 PMASA-2007-7 PMASA-2007-8
-- William Grant <[EMAIL PROTECTED]> Wed, 28 Nov 2007 00:29:25 +1100 ** Changed in: phpmyadmin (Ubuntu Gutsy) Status: Fix Committed => Fix Released ** Changed in: phpmyadmin (Ubuntu Feisty) Status: Fix Committed => Fix Released -- few serious security issues for phpMyAdmin https://bugs.launchpad.net/bugs/162599 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs