phpMyAdmin security announcement PMASA-2005-6 Announcement-ID: PMASA-2005-6 Date: 2005-11-15 Summary: HTTP Response Splitting vulnerability Description: Some scripts in phpMyAdmin are vulnerable to an HTTP Response Splitting attack. Severity: We consider these vulnerabilities to be serious. However, they can only be triggered on systems running with register_globals = on. Affected versions: We did not make an extensive verification on this. Probably all previous versions, and version 2.7.0-beta1 are affected. Solution: Upgrade to phpMyAdmin 2.6.4-pl4. For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
web-apps please bump.
in cvs
Arches please test and mark stable.
sparc stable.
stable for x86
stable on hppa
stable on alpha
Stable on ppc.
amd64 done, last but not least ;)
This one is ready for GLSA decision.
I vote no. phpmyadmin isn't for me the best target for XSS or HTTP response splitting things, as it is typically restricted-access, Intranet-only. This one also requires register_globals=On...
Voting NO and closing.