[phpmyadmin] [CVE-2008-1567 CVE-2008-1924] insufficient input sanitising
Bug #227283 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
phpmyadmin (Ubuntu) | Fix Released | High | Unassigned |
Dapper | Won't Fix | Undecided | Unassigned |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Won't Fix | Undecided | Unassigned |
Hardy | Fix Released | High | William Grant |
Intrepid | Fix Released | High | Unassigned |
Bug Description
Binary package hint: phpmyadmin
References:
DSA-1557-1 (http://
Quoting:
"CVE-2008-1924
Attackers with CREATE table permissions were allowed to read
arbitrary files readable by the webserver via a crafted
HTTP POST request.
CVE-2008-1567
The PHP session data file stored the username and password of
a logged in user, which in some setups can be read by a local
user."
Note: CVE-2008-1149 has been treated in Bug #198745.
Changed in phpmyadmin:
importance: Undecided → High
status: New → Triaged
Changed in phpmyadmin:
status: Triaged → Fix Released
assignee: nobody → wgrant
importance: Undecided → High
status: New → In Progress
Changed in phpmyadmin:
status: In Progress → Fix Committed
for intrepid, sync requested in Bug #227261