Bug 129850 - dev-db/phpmyadmin-2.8.0.3 XSS and SQL issues
Summary: dev-db/phpmyadmin-2.8.0.3 XSS and SQL issues
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/i...
Whiteboard: B3 [noglsa] DerCorny
Reported: 2006-04-13 11:54 UTC by t35t0r
Modified: 2009-01-11 19:05 UTC
Description t35t0r 2006-04-13 11:54:10 UTC
phpmyadmin 2.8.0.3 is released

http://www.phpmyadmin.net/home_page/index.php

Improvements:

    * PHP 5.1.2 compatibility
    * Possibility to hide databases
    * Configurable memory limit for import/export
    * Better support for CGI
    * Web-based setup
    * (rc2)  no longer needs a .htaccess in the main directory
Comment 1 Richard Scott 2006-04-20 02:46:58 UTC
I've noticed in the current latest 2.8.0.2 release that we are given the following advice:

1. Create config.inc.php. You can use the web-based installer:
   http://localhost//phpmyadmin/scripts/setup.php

   Alternatively, use the default config file in libraries/config.default.php:

     cp /var/www/localhost/htdocs/phpmyadmin/libraries/config.default.php /var/www/localhost/htdocs/phpmyadmin/libraries/config.inc.php

From what I can tell, the config.inc.php file should be cp'd to /var/www/localhost/htdocs/phpmyadmin/config.inc.php and not into the libraries directory?

If this is the case, perhaps this could be tweaked in the next release.

Many thanks for your hard work on the package. :-)

Comment 2 Richard Scott 2006-04-20 04:00:39 UTC
Sorry, this is already a bug:

http://bugs.gentoo.org/show_bug.cgi?id=129590
Comment 3 Renat Lumpau (RETIRED) gentoo-dev 2006-04-20 08:52:52 UTC
Fixes for 2.8.0.2:

XSS vulnerability (set_theme)
XSS vulnerability (calling directly css files under themes)

Also see bug #130293
Comment 4 Renat Lumpau (RETIRED) gentoo-dev 2006-04-20 08:58:16 UTC
2.8.0.3 is in CVS, needs stabling
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-20 09:21:50 UTC
Arches please test and mark stable.
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2006-04-20 12:03:14 UTC
ppc stable
Comment 7 Gustavo Zacarias (RETIRED) gentoo-dev 2006-04-20 14:38:53 UTC
sparc stable.
Comment 8 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-04-20 16:53:02 UTC
alpha stable
Comment 9 René Nussbaumer (RETIRED) gentoo-dev 2006-04-21 14:19:34 UTC
stable on hppa
Comment 10 Mark Loeser (RETIRED) gentoo-dev 2006-04-21 14:40:58 UTC
x86 done
Comment 11 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 11:17:35 UTC
amd64 is late
Comment 12 Mike Doty (RETIRED) gentoo-dev 2006-04-28 13:18:04 UTC
amd64 stable, sorry for the delay
Comment 13 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-04-28 21:49:37 UTC
This one is ready for GLSA decision. I tend to vote NO.
Comment 14 Thierry Carrez (RETIRED) gentoo-dev 2006-04-29 01:08:25 UTC
Voting no, don't forget to close bug 130293 as well
Comment 15 Stefan Cornelius (RETIRED) gentoo-dev 2006-04-30 05:57:24 UTC
another no and closing.