Hardened-PHP advisory can be found at http://www.hardened-php.net/advisory_072006.130.html

phpMyAdmin announcement:

Announcement-ID: PMASA-2006-5
Date: 2006-10-01
Summary: XSRF (Cross Site Request Forgery) vulnerabilities
Description: We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.
Severity: We consider these vulnerabilities to be serious.
Affected versions: At least versions since 2.8.2.x.
Solution: Upgrade to phpMyAdmin 2.9.0.1 or newer.
web-apps, pls bump/patch
in CVS
arches, please test dev-db/phpmyadmin-2.9.0.1 and mark stable if possible
/me really adds arches now and hides
hold on a sec, they just released .2. i'll add it tonight and then y'all can stable
.2 in CVS, go for it
x86/amd64 done
sparc stable.
ppc stable
alpha stable.
hppa stable, ready for glsa voting
i vote no since the exploitation is pretty hard
voting no too -> closing