Ubuntu
phpmyadmin package

  1. Bug #227283
  2. Comment #4

Comment 4 for bug 227283

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1.1

---------------
phpmyadmin (4:2.11.3-1ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: sensitive data in session files, reading of arbitrary
    files by users with the CREATE privilege. (LP: #227283)
    - debian/patches/051_CVE-2008-1567.dpatch: Add. Don't save sensitive
      information in session files. Patch from upstream SVN.
    - debian/patches/052_CVE-2008-1924.dpatch: Add. Confirm that the upload
      directory is set. Patch from upstream SVN.
    - References:
      + CVE-2008-1567
      + CVE-2008-1924
      + PMASA-2008-2
      + PMASA-2008-3

 -- William Grant <email address hidden> Fri, 30 May 2008 18:43:32 +1000