security: phpmyadmin in dapper vulnerable to CVE-2009-1151
Bug #418692 reported by
John Keith Hohm
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
phpmyadmin (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Dapper |
Won't Fix
|
Undecided
|
Unassigned | ||
Karmic |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: phpmyadmin
The package provides a writable config directory (actually a config.inc.php symlink into /var/lib/
The CVE description incorrectly states this only affects 2.11.x and 3.x, 2.8.x is vulnerable and still unpatched in phpmyadmin SVN. Fortunately the following patch applies pretty cleanly to 2.8.0.3 (cleaned-up patch attached):
To post a comment you must log in.
Karmic not affected