Fix CVE-2010-4480 and CVE-2010-4481
Bug #696857 reported by Micah Gersten
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
phpmyadmin (Ubuntu) | Fix Released | Low | Micah Gersten |
Karmic | Won't Fix | Undecided | Unassigned |
Lucid | Fix Released | Undecided | Unassigned |
Maverick | Fix Released | Low | Unassigned |
Natty | Fix Released | Low | Micah Gersten |
Bug Description
Please sync phpmyadmin 4:3.3.7-3 (universe) from Debian unstable (main)
Changelog entries since current maverick version 4:3.3.7-2:
phpmyadmin (4:3.3.7-3) unstable; urgency=high

  * Address two security issues (Closes: #608290):
    - It was possible to display arbitrary text and link to external site
      using parameters passed to particular script
      (CVE-2010-4480, PMASA-2010-9).
    - Phpinfo could be visible to not logged in users if this feature was
      enabled (minor issue; CVE-2010-4481, PMASA-2010-10).

 -- Thijs Kinkhorst <email address hidden>  Thu, 30 Dec 2010 17:48:08 +0100
Changed in phpmyadmin (Ubuntu):
importance: Undecided → Wishlist
security vulnerability: no → yes
summary:
- Sync phpmyadmin 4:3.3.7-3 (universe) from Debian testing (main) to
- maverick-security
+ Fix CVE-2010-4480 and CVE-2010-4481

Changed in phpmyadmin (Ubuntu Lucid):
status: Incomplete → Fix Released
These are low priority security fixes, so I'm waiting for the 3.3.9 release to Debian experimental which will hopefully include these (and then be sync'd to natty) before subscribing security sponsors for this.