please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable

Bug #306699 reported by Micah Gersten
Affects: phpmyadmin (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned
Nominated for Intrepid by Micah Gersten

Bug Description

Binary package hint: phpmyadmin

Intrepid is currently: 4:2.11.8.1-1

From the debian changelog:

phpmyadmin (4:2.11.8.1-5) unstable; urgency=high

  * Add fix for SQL injection [PMASA-2008-10].

 -- Thijs Kinkhorst <email address hidden>  Tue, 09 Dec 2008 21:15:20 +0100

phpmyadmin (4:2.11.8.1-4) unstable; urgency=high

  * Add fix for cross site scripting in pmd_pdf.php.
    [PMASA-2008-9, CVE-2008-4775]
  * Fix encoding of Norwegian from latin-1 to utf-8
    (Closes: #501735)

 -- Thijs Kinkhorst <email address hidden>  Fri, 31 Oct 2008 11:34:28 +0100

phpmyadmin (4:2.11.8.1-3) unstable; urgency=high

  * Security fix: strip NUL bytes from to-be-sanitised strings
    to prevent cross site scripting in MSIE.
    [PMASA-2008-8, CVE-2008-4326]

 -- Thijs Kinkhorst <email address hidden>  Wed, 24 Sep 2008 07:25:54 +0200

phpmyadmin (4:2.11.8.1-2) unstable; urgency=high

  * Security fix: remote code execution by authenticated users
    [CVE-2008-4096, PMASA-2008-7]
  * Disallow access to libraries dir when using lighttpd.

 -- Thijs Kinkhorst <email address hidden>  Sat, 20 Sep 2008 12:22:20 +0200

Revision history for this message
papukaija (papukaija) wrote :

For Jaunty, 4:3.1.2-1 (universe) is already synced from Debian experimental (main). See bug 324299 for more information.

Please note that the newest in debian stable is 4:2.11.8.1-5.

I suggest that this bug be marked as fixed/confirmed and a duplicate of bug 324299.

Revision history for this message
Micah Gersten (micahg) wrote : Re: [Bug 306699] Re: please sync phpmyadmin for intrepid with 4:2.11.8.1-4 from debian unstable

papukaija wrote:
> For Jaunty, 4:3.1.2-1 (universe) is already synced from Debian
> experimental (main). See bug 324299 for more information.
>
> Please note that the newest in debian stable is 4:2.11.8.1-5.
>
> I suggest that this bug be marked as fixed/confirmed and a
> duplicate of bug 324299.
>
Actually this was a request for a security sync with debian lenny.
Current Intrepid version is 2.11.8.1-1. I wanted someone to update to
the latest patch revision for that version.

Thanks,
Micah

Micah Gersten (micahg)
description: updated
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityUpdateProcedures

Kees Cook (kees)
Changed in phpmyadmin (Ubuntu):
status: New → Confirmed
Micah Gersten (micahg)
summary: - please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian
- testing
+ please sync phpmyadmin for intrepid with 4:2.11.8.1-5 from debian stable
Revision history for this message
Micah Gersten (micahg) wrote :

Marking High per serious severity on phpmyadmin.net

Changed in phpmyadmin (Ubuntu):
importance: Undecided → High
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package phpmyadmin - 4:2.11.3-1ubuntu1.2

---------------
phpmyadmin (4:2.11.3-1ubuntu1.2) hardy-security; urgency=low

  [ Jonathan Davies ]
  * SECURITY UPDATE: Insufficient output sanitizing when generating
    configuration file (LP: #387215).
    - debian/patches/053_CVE-2009-1151.dpatch: Added. Do not output unescaped
      chars to generated configuration file. Patch from upstream SVN revision
      12301.
    - References:
      + CVE-2009-1151
      + PMASA-2009-3

  [ Marc Deslauriers ]
  * SECURITY UPDATE: authorization bypass via cross-site request forgery
    - debian/patches/054_CVE-2008-3197.dpatch: use a token in index.php,
      js/querywindow.js and libraries/footer.inc.php. Use a "new_db"
      parameter in db_create.php, libraries/common.inc.php and
      libraries/display_create_database.lib.php.
    - CVE-2008-3197
  * SECURITY UPDATE: spoofing or fishing via cross-site framing attack
    (LP: #259839)
    - debian/patches/055_CVE-2008-3456.dpatch: Introduce new
      AllowThirdPartyFraming configuration boolean that allows phpMyAdmin
      to be included from a document located on another domain.
    - CVE-2008-3456
  * SECURITY UPDATE: code injection via cross-site scripting in setup.php
    (LP: #259839)
    - debian/patches/056_CVE-2008-3457.dpatch: clean $val[1] in
      scripts/setup.php.
    - CVE-2008-3457
  * SECURITY UPDATE: remote code execution via PHP sequences in sort_by
    parameter
    - debian/patches/057_CVE-2008-4096.dpatch: add new
      PMA_usort_comparison_callback in libraries/database_interface.lib.php
    - CVE-2008-4096
  * SECURITY UPDATE: cross-site scripting via NUL byte
    - debian/patches/058_CVE-2008-4326.dpatch: remove NUL bytes in
      libraries/js_escape.lib.php.
    - CVE-2008-4326
  * SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
    register_globals is enabled
    - debian/patches/059_CVE-2008-4775.dpatch: use
      PMA_generate_common_hidden_inputs in pmd_pdf.php.
    - CVE-2008-4775
  * SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
    - debian/patches/060_CVE-2008-5621.dpatch: use PMA_backquote instead of
      PMA_sqlAddslashes in libraries/db_table_exists.lib.php.
    - CVE-2008-5621
  * SECURITY UPDATE: code injection via multiple cross-site scripting
    vulnerabilities in display_export.lib.php
    - debian/patches/061_CVE-2009-1150.dpatch: strip special chars in
      libraries/display_export.lib.php.
    - CVE-2009-1150

 -- Marc Deslauriers <email address hidden> Sun, 05 Jul 2009 11:29:29 -0400

Changed in phpmyadmin (Ubuntu):
status: Confirmed → Fix Released
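The CVE-2008-5621 entry above (PMA_backquote instead of PMA_sqlAddslashes in db_table_exists.lib.php) is a fix of the "escaper matches the SQL context" kind: a string-literal escaper does nothing useful in an identifier position. The following is an added illustration, not phpMyAdmin's own code; the two helpers are hypothetical stand-ins for the functions the changelog names and the database name is a constructed input.

```php
<?php
// Added example, not phpMyAdmin's code. escape_string_literal() and
// quote_identifier() are hypothetical stand-ins for the string escaper and
// the identifier quoter the changelog names. In production, prefer
// mysqli_real_escape_string() or prepared statements for literals.

// String-literal escaper: only meaningful between single quotes.
function escape_string_literal(string $s): string
{
    return addcslashes($s, "\\'\"\0\n\r\x1a");
}

// Identifier quoter: wrap in backquotes and double any embedded backquote,
// which is MySQL's escaping rule for quoted identifiers.
function quote_identifier(string $name): string
{
    return '`' . str_replace('`', '``', $name) . '`';
}

// Wrong: a string-literal escaper leaves a backquote untouched, so a name
// containing one closes the identifier early.
function table_exists_query_unsafe(string $db, string $table): string
{
    return 'SHOW TABLES FROM `' . escape_string_literal($db) . '` LIKE \''
        . escape_string_literal($table) . '\'';
}

// Right: the identifier goes through the identifier quoter, the LIKE
// pattern through the string-literal escaper; each stays in its context.
function table_exists_query_safe(string $db, string $table): string
{
    return 'SHOW TABLES FROM ' . quote_identifier($db) . ' LIKE \''
        . escape_string_literal($table) . '\'';
}

// Constructed input: a database name with an embedded backquote.
$db    = "my`db";
$table = "users";

echo table_exists_query_unsafe($db, $table), PHP_EOL;
echo table_exists_query_safe($db, $table), PHP_EOL;
```

In the first query the identifier is terminated after `my`; in the second the embedded backquote is doubled and the whole name remains one quoted identifier.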
This report contains Public Security information: everyone can see this security related information.