Ubuntu
phpmyadmin package

CVE-2014-9218: DoS vulnerability with long passwords.

Bug #1441669 reported by Julian Ladisch on 2015-04-08

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	phpmyadmin (Ubuntu)	Expired	Undecided	Unassigned

Bug Description

http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php

"Severity: We consider this vulnerability to be serious."

"Affected Versions: Versions 4.0.x (prior to 4.0.10.7) […] and 4.2.x (prior to 4.2.13.1) are affected."

"Solution: Upgrade to phpMyAdmin 4.0.10.7 or newer, […] or 4.2.13.1 or newer"

Distribution:
- 14.04LTS trusty has 4.0.10, needs upgrade/patch
- 14.10 utopic has 4.2.6, needs upgrade/patch
- 15.04 vivid has 4.2.12, needs upgrade/patch

CVE References

2014-9218

Julian Ladisch (julian-ladisch) on 2015-04-08

information type:

Private Security → Public

Revision history for this message

Tyler Hicks (tyhicks) wrote on 2015-04-08:

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

Changed in phpmyadmin (Ubuntu):
status:	New → Incomplete

Revision history for this message

Launchpad Janitor (janitor) wrote on 2015-06-08:

[Expired for phpmyadmin (Ubuntu) because there has been no activity for 60 days.]

Changed in phpmyadmin (Ubuntu):
status:	Incomplete → Expired

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuphpmyadmin package