* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
characters in db_operations.php and db_structure.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
- Previous patch for CVE-2009-1285 was incomplete
- debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
to modify php code before saving in setup/frames/config.inc.php and
setup/config.php.
- CVE-2009-1285
-- Marc Deslauriers <email address hidden> Mon, 26 Oct 2009 08:55:07 -0400
This bug was fixed in the package phpmyadmin - 4:3.1.2-1ubuntu0.2
--------------- 2-1ubuntu0. 2) jaunty-security; urgency=low
phpmyadmin (4:3.1.
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505) patches/ 046-security- CVE-2009- 3696-3697. dpatch: filter special patches/ 046-security- CVE-2009- 3696-3697. dpatch: filter and patches/ 045-security- CVE-2009- 1285-2. dpatch: do not allow user config. inc.php and config. php.
- debian/
characters in db_operations.php and db_structure.php.
- CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
(LP: #450505)
- debian/
escape special characters in pdf_pages.php and pmd_pdf.php.
- CVE-2009-3697
* SECURITY UPDATE: code injection via configuration files (LP: #392324)
- Previous patch for CVE-2009-1285 was incomplete
- debian/
to modify php code before saving in setup/frames/
setup/
- CVE-2009-1285
-- Marc Deslauriers <email address hidden> Mon, 26 Oct 2009 08:55:07 -0400