* SECURITY UPDATE: remote code execution via PHP sequences in sort_by
parameter
- debian/patches/041-security-CVE-2008-4096.dpatch: add new
PMA_usort_comparison_callback in libraries/database_interface.lib.php
- CVE-2008-4096
* SECURITY UPDATE: cross-site scripting via NUL byte
- debian/patches/042-security-CVE-2008-4326.dpatch: remove NUL bytes
in libraries/js_escape.lib.php.
- CVE-2008-4326
* SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
register_globals is enabled
- debian/patches/043-security-CVE-2008-4775.dpatch: use
PMA_generate_common_hidden_inputs in pmd_pdf.php.
- CVE-2008-4775
* SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
- debian/patches/044-security-CVE-2008-5621.dpatch: use PMA_backquote
instead of PMA_sqlAddslashes in libraries/db_table_exists.lib.php.
- CVE-2008-5621
* SECURITY UPDATE: code injection via multiple cross-site scripting
vulnerabilities in display_export.lib.php
- debian/patches/045-security-CVE-2009-1150.dpatch: strip special chars
in libraries/display_export.lib.php.
- CVE-2009-1150
* SECURITY UPDATE: code injection from PHP code in a configuration file
via the save action.
- debian/patches/046-security-CVE-2009-1151.dpatch: filter $key in
scripts/setup.php.
- CVE-2009-1151
phpmyadmin (4:2.11. 8.1-1ubuntu0. 1) intrepid-security; urgency=low
* SECURITY UPDATE: remote code execution via PHP sequences in sort_by patches/ 041-security- CVE-2008- 4096.dpatch: add new usort_compariso n_callback in libraries/ database_ interface. lib.php patches/ 042-security- CVE-2008- 4326.dpatch: remove NUL bytes js_escape. lib.php. globals is enabled patches/ 043-security- CVE-2008- 4775.dpatch: use generate_ common_ hidden_ inputs in pmd_pdf.php. patches/ 044-security- CVE-2008- 5621.dpatch: use PMA_backquote db_table_ exists. lib.php. export. lib.php patches/ 045-security- CVE-2009- 1150.dpatch: strip special chars display_ export. lib.php. patches/ 046-security- CVE-2009- 1151.dpatch: filter $key in setup.php.
parameter
- debian/
PMA_
- CVE-2008-4096
* SECURITY UPDATE: cross-site scripting via NUL byte
- debian/
in libraries/
- CVE-2008-4326
* SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
register_
- debian/
PMA_
- CVE-2008-4775
* SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
- debian/
instead of PMA_sqlAddslashes in libraries/
- CVE-2008-5621
* SECURITY UPDATE: code injection via multiple cross-site scripting
vulnerabilities in display_
- debian/
in libraries/
- CVE-2009-1150
* SECURITY UPDATE: code injection from PHP code in a configuration file
via the save action.
- debian/
scripts/
- CVE-2009-1151
-- Marc Deslauriers <email address hidden> Sun, 05 Jul 2009 10:16:05 -0400