* SECURITY UPDATE: arbitrary file disclosure via directory traversal in
bs_disp_as_mime_type.php
- debian/patches/041-security-CVE-2009-1148.dpatch: check parameters
before using in bs_disp_as_mime_type.php.
- CVE-2009-1148
* SECURITY UPDATE: arbitrary HTTP headers injection via CRLF injection in
bs_disp_as_mime_type.php
- Fixed in the CVE-2009-1148 patch
- CVE-2009-1149
* SECURITY UPDATE: code injection via multiple cross-site scripting
vulnerabilities in display_export.lib.php
- debian/patches/042-security-CVE-2009-1150.dpatch: strip special chars
in libraries/display_export.lib.php.
- CVE-2009-1150
* SECURITY UPDATE: code injection via configuration files
- debian/patches/043-security-CVE-2009-1285.dpatch: clean up key names
in setup/lib/ConfigFile.class.php.
- CVE-2009-1285
* SECURITY UPDATE: code injection via cross-site scripting from crafted
SQL bookmark
- debian/patches/044-security-CVE-2009-2284.dpatch: strip special
characters in libraries/common.lib.php and sql.php.
- CVE-2009-2284
phpmyadmin (4:3.1.2-1ubuntu0.1) jaunty-security; urgency=low
-- Marc Deslauriers <email address hidden> Sun, 05 Jul 2009 09:50:12 -0400