[Frugalware-darcs] homepage-ng: FSA55-phpmyadmin
voroskoi
voroskoi at frugalware.org
Thu Nov 23 21:54:13 CET 2006
Darcsweb-Url: http://darcs.frugalware.org/darcsweb/darcsweb.cgi?r=homepage-ng;a=darcs_commitdiff;h=20061123204939-dd049-ea9c65de2e9d9c9816a759a7f6ce93c1400134df.gz;
[FSA55-phpmyadmin
voroskoi <voroskoi at frugalware.org>**20061123204939] {
hunk ./frugalware/xml/security.xml 29
+ <fsa>
+ <id>55</id>
+ <date>2006-11-23</date>
+ <author>voroskoi</author>
+ <package>phpmyadmin</package>
+ <vulnerable>2.9.1_rc1-1siwenna1</vulnerable>
+ <unaffected>2.9.1.1-1siwenna1</unaffected>
+ <bts>http://bugs.frugalware.org/task/1417
+ http://bugs.frugalware.org/task/1469</bts>
+ <cve>http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5718</cve>
+ <desc>Input containing UTF-7 encoded characters passed to the script which displays error messages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
+ Three other security issues fixed too, see http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-{7,8,9} for details.</desc>
+ </fsa>
}
More information about the Frugalware-darcs
mailing list