Bug 138903 - dev-db/phpmyadmin Another XSS issue
Summary: dev-db/phpmyadmin Another XSS issue
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B4 [noglsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-02 13:06 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2006-07-11 00:57 UTC (History)
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-02 13:06:20 UTC
Description:
 It was possible to craft a request that contains XSS by attacking the "table" parameter.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-02 13:08:16 UTC
web apps please advise and provide an updated ebuild as necessary.
Comment 2 Renat Lumpau (RETIRED) gentoo-dev 2006-07-02 13:26:33 UTC
2.8.2 already in the tree
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-03 00:44:31 UTC
Thx Renat, I must have forgotten to cvs up.

Arches please test and mark stable.
Comment 4 Michael Weyershäuser 2006-07-03 02:10:10 UTC
amd64 tested and good to go
Comment 5 Thomas Cort (RETIRED) gentoo-dev 2006-07-03 06:05:17 UTC
phpmyadmin-2.8.2 stable on amd64.
Comment 6 Gustavo Zacarias (RETIRED) gentoo-dev 2006-07-03 06:09:30 UTC
sparc stable.
Comment 7 Lars Weiler (RETIRED) gentoo-dev 2006-07-03 07:22:23 UTC
ppc stable.
Comment 8 René Nussbaumer (RETIRED) gentoo-dev 2006-07-04 04:47:17 UTC
stable on hppa
Comment 9 Jose Luis Rivero (yoswink) (RETIRED) gentoo-dev 2006-07-07 03:51:51 UTC
alpha done. Sorry guys for the delay.
Comment 10 Joshua Jackson (RETIRED) gentoo-dev 2006-07-10 09:16:27 UTC
phpmyadmin-- but it's stable on x86 as well now too
Comment 11 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-10 09:54:07 UTC
Thx Joshua, but please don't close security bugs.

This one is ready for GLSA decision.
Comment 12 Wolf Giesen (RETIRED) gentoo-dev 2006-07-10 10:34:53 UTC
I tend to say "no". Anybody not securing this app acts grossly negligent and will not get added security by a GLSA.
Comment 13 Thierry Carrez (RETIRED) gentoo-dev 2006-07-10 12:43:23 UTC
Voting no, I'm with Wolf on that one.
Comment 14 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-07-11 00:53:38 UTC
I'm with Koon on this one even though he's shouting WOLF all the time.

Voting NO and closing. With all likelihood there will be another issue that we can bundle this one with, right Wolf?
Comment 15 Wolf Giesen (RETIRED) gentoo-dev 2006-07-11 00:57:15 UTC
Ehr ... huh? <urgently needs beer, obviously>