Gentoo Bug 212000 - dev-db/phpmyadmin < 2.11.5 SQL injection vulnerability (CVE-2008-1149)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	212000
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Hanno Boeck <hanno@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 212000 depends on:			Show dependency tree
Bug 212000 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-03-01 17:46 0000

PMASA-2008-1 is an sql-injection, fixed in 2.11.5.

------- Comment #1 From Tobias Heinlein 2008-03-01 20:24:57 0000 -------

Maintainers, please bump.

------- Comment #2 From Benedikt Böhm 2008-03-02 08:39:02 0000 -------

in cvs, archs please stabilize, thanks

------- Comment #3 From Robert Buchholz 2008-03-02 11:18:15 0000 -------

=dev-db/phpmyadmin-2.11.5
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"

------- Comment #4 From Richard Freeman 2008-03-02 14:48:08 0000 -------

amd64 stable

------- Comment #5 From Markus Rothe 2008-03-02 20:12:10 0000 -------

ppc64 stable

------- Comment #6 From Jeroen Roovers 2008-03-03 01:53:38 0000 -------

Stable for HPPA.

------- Comment #7 From Christian Faulhammer 2008-03-03 08:00:04 0000 -------

x86 stable

------- Comment #8 From Christian Faulhammer 2008-03-03 08:02:38 0000 -------

Maintainers, the ebuild calls need_httpd_cgi but does not inherit
webapp.eclass...I did not add it, because there may be side effects I do not
know about.

------- Comment #9 From Benedikt Böhm 2008-03-03 08:46:54 0000 -------

phpmyadmin $ grep inherit phpmyadmin-2.11.5.ebuild
inherit eutils webapp depend.php

------- Comment #10 From Raúl Porcel 2008-03-04 10:50:32 0000 -------

alpha/sparc stable

------- Comment #11 From Tobias Scherbaum 2008-03-04 20:54:40 0000 -------

ppc stable

------- Comment #12 From Peter Volkov 2008-03-05 06:49:32 0000 -------

Fixed in release snapshot.

------- Comment #13 From Lars Hartmann 2008-03-05 08:01:59 0000 -------

can someone please add CVE-2008-1149?
i dont have the needed permissions to do it myself

------- Comment #14 From Pierre-Yves Rofes 2008-03-05 08:36:17 0000 -------

time for vote... I vote YES.

------- Comment #15 From Robert Buchholz 2008-03-05 09:53:40 0000 -------

YES, filed.

------- Comment #16 From Pierre-Yves Rofes 2008-03-09 20:52:34 0000 -------

GLSA 200803-15

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 212000

dev-db/phpmyadmin < 2.11.5 SQL injection vulnerability (CVE-2008-1149)

Last modified: 2008-03-09 20:52:34 0000