* SECURITY UPDATE: sensitive data in session files, reading of arbitrary
files by users with the CREATE privilege. (LP: #227283)
- debian/patches/051_CVE-2008-1567.dpatch: Add. Don't save sensitive
information in session files. Patch from upstream SVN.
- debian/patches/052_CVE-2008-1924.dpatch: Add. Confirm that the upload
directory is set. Patch from upstream SVN.
- References:
+ CVE-2008-1567
+ CVE-2008-1924
+ PMASA-2008-2
+ PMASA-2008-3
-- William Grant <email address hidden> Fri, 30 May 2008 18:43:32 +1000
This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1.1
--------------- 3-1ubuntu1. 1) hardy-security; urgency=low
phpmyadmin (4:2.11.
* SECURITY UPDATE: sensitive data in session files, reading of arbitrary patches/ 051_CVE- 2008-1567. dpatch: Add. Don't save sensitive patches/ 052_CVE- 2008-1924. dpatch: Add. Confirm that the upload
files by users with the CREATE privilege. (LP: #227283)
- debian/
information in session files. Patch from upstream SVN.
- debian/
directory is set. Patch from upstream SVN.
- References:
+ CVE-2008-1567
+ CVE-2008-1924
+ PMASA-2008-2
+ PMASA-2008-3
-- William Grant <email address hidden> Fri, 30 May 2008 18:43:32 +1000