CVE-2015-7873: Content spoofing vulnerability when redirecting user to an external site
Bug #1510521 reported by
Julian Ladisch
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| phpmyadmin (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
https:/
"Affected Versions
Versions 4.4.x (prior to 4.4.15.1) and 4.5.x (prior to 4.5.1) are affected."
"Solution
Upgrade to phpMyAdmin 4.4.15.1 or newer, or 4.5.1 or newer".
Ubuntu
Xenial phpmyadmin_
Wily phpmyadmin_
Vivid phpmyadmin_
Trusty phpmyadmin_
Precise phpmyadmin_
Related branches
lp:~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1
- Marc Deslauriers: Needs Fixing
-
Diff: 8583 lines (+2921/-2024)71 files modified.pc/setup-message.patch/setup/frames/index.inc.php (+1/-0)
ChangeLog (+32/-0)
README (+1/-1)
RELEASE-DATE-4.4.13.1 (+0/-1)
RELEASE-DATE-4.4.15.1 (+1/-0)
debian/changelog (+15/-0)
debian/patches/setup-message.patch (+5/-3)
doc/conf.py (+1/-1)
doc/html/.buildinfo (+1/-1)
doc/html/_sources/require.txt (+1/-1)
doc/html/config.html (+5/-5)
doc/html/copyright.html (+5/-5)
doc/html/credits.html (+5/-5)
doc/html/developers.html (+5/-5)
doc/html/faq.html (+5/-5)
doc/html/genindex.html (+5/-5)
doc/html/glossary.html (+5/-5)
doc/html/import_export.html (+5/-5)
doc/html/index.html (+5/-5)
doc/html/intro.html (+5/-5)
doc/html/other.html (+5/-5)
doc/html/privileges.html (+5/-5)
doc/html/require.html (+6/-6)
doc/html/search.html (+5/-5)
doc/html/setup.html (+5/-5)
doc/html/transformations.html (+5/-5)
doc/html/user.html (+5/-5)
doc/html/vendors.html (+5/-5)
doc/require.rst (+1/-1)
import.php (+1/-1)
js/functions.js (+2/-1)
js/line_counts.php (+10/-10)
js/pmd/move.js (+6/-5)
js/tbl_operations.js (+4/-1)
libraries/Config.class.php (+1/-1)
libraries/DatabaseInterface.class.php (+34/-32)
libraries/DisplayResults.class.php (+3/-1)
libraries/Scripts.class.php (+10/-5)
libraries/Util.class.php (+4/-153)
libraries/VersionInformation.php (+270/-0)
libraries/config/messages.inc.php (+1/-0)
libraries/dbi/DBIDummy.class.php (+6/-2)
libraries/language_stats.inc.php (+9/-9)
libraries/phpseclib/Crypt/AES.php (+74/-130)
libraries/phpseclib/Crypt/Base.php (+913/-400)
libraries/phpseclib/Crypt/Random.php (+60/-81)
libraries/phpseclib/Crypt/Rijndael.php (+347/-680)
libraries/phpseclib/LICENSE (+21/-0)
libraries/plugins/auth/AuthenticationCookie.class.php (+18/-41)
libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php (+97/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod.php (+42/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Post.php (+70/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php (+104/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php (+120/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php (+103/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/Response.php (+102/-0)
libraries/plugins/auth/recaptcha/autoload.php (+38/-0)
libraries/plugins/auth/recaptcha/recaptchalib.php (+0/-140)
libraries/plugins/import/ImportSql.class.php (+1/-1)
libraries/rte/rte_routines.lib.php (+5/-0)
libraries/server_privileges.lib.php (+1/-1)
libraries/structure.lib.php (+6/-3)
libraries/tbl_relation.lib.php (+8/-6)
setup/frames/index.inc.php (+1/-0)
setup/lib/index.lib.php (+12/-5)
tbl_replace.php (+1/-1)
tbl_row_action.php (+10/-0)
themes/original/sprites.lib.php (+114/-99)
themes/pmahomme/sprites.lib.php (+125/-110)
url.php (+2/-1)
version_check.php (+15/-4)
CVE References
| information type: | Private Security → Public Security |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| Changed in phpmyadmin (Ubuntu): | |
| status: | New → Incomplete |
Revision history for this message
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in phpmyadmin (Ubuntu): | |
| status: | Incomplete → Expired |
To post a comment you must log in.
Thank you for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. I see that you have attached patches to update the Ubuntu packages to the new upstream version. While this work is appreciated, we cannot publish your patches because this does not follow Ubuntu's policy of backporting security patches. If you are able, perhaps you could prepare debdiffs to fix this by following https:/