Bug 129037 - dev-db/phpmyadmin: cross-site scripting vulnerability (CAN-2006-1258)
Summary: dev-db/phpmyadmin: cross-site scripting vulnerability (CAN-2006-1258)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/d...
Whiteboard: B4 [noglsa] DerCorny
Keywords:
Duplicates: 129260
Depends on:
Blocks:
 
Reported: 2006-04-06 08:17 UTC by Stefan Cornelius (RETIRED)
Modified: 2006-04-11 11:20 UTC

See Also:
Package list:
Runtime testing required: ---


Description Stefan Cornelius (RETIRED) gentoo-dev 2006-04-06 08:17:37 UTC
* XSS vulnerability (set_theme)
* XSS vulnerability (calling directly css files under themes)
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-06 08:19:45 UTC
arches please test and mark version 2.8.0.2 stable, thank you
Comment 2 Gustavo Zacarias (RETIRED) gentoo-dev 2006-04-06 08:42:22 UTC
sparc stable.
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-06 11:26:48 UTC
ppc stable
Comment 4 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-04-07 03:33:17 UTC
alpha stable
Comment 5 Simon Stelling (RETIRED) gentoo-dev 2006-04-07 05:57:36 UTC
amd64 stable
Comment 6 René Nussbaumer (RETIRED) gentoo-dev 2006-04-07 08:17:33 UTC
stable on hppa
Comment 7 Mark Loeser (RETIRED) gentoo-dev 2006-04-08 13:46:38 UTC
x86 done
Comment 8 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-08 14:36:35 UTC
This one is ready for GLSA decision.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-04-09 03:53:05 UTC
Voting no. XSS on typically not-Internet facing webapp.
Comment 10 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-09 09:45:41 UTC
same : No.
Comment 11 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-09 09:56:20 UTC
voting no and closing. reopen if you disagree.
Comment 12 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-11 11:20:01 UTC
*** Bug 129260 has been marked as a duplicate of this bug. ***