Gentoo Bug 215502 - dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	215502
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Hanno Boeck <hanno@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 215502 depends on:			Show dependency tree Show dependency graph
Bug 215502 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-03-30 23:22 0000

Advisory from phpmyadmin:

Summary:
Credentials disclosure on shared hosts via session data

Description:
We received an advisory from Jim Hermann, and we wish to thank him for his
work. phpMyAdmin saves sensitive information like the MySQL username and
password and the Blowfish secret key in session data, which might be
unprotected on a shared host.

2.11.5.1 fixes this, please bump.

------- Comment #1 From Robert Buchholz 2008-04-01 13:10:00 0000 -------

*** Bug 215692 has been marked as a duplicate of this bug. ***

------- Comment #2 From Benedikt Böhm 2008-04-03 09:00:08 0000 -------

2.11.5.1 in portage

------- Comment #3 From Robert Buchholz 2008-04-03 09:57:17 0000 -------

Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.1
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"

------- Comment #4 From Markus Rothe 2008-04-03 19:22:59 0000 -------

ppc64 stable

------- Comment #5 From Markus Meier 2008-04-03 19:52:42 0000 -------

amd64/x86 stable

------- Comment #6 From Jeroen Roovers 2008-04-06 14:43:49 0000 -------

Stable for HPPA.

------- Comment #7 From Tobias Scherbaum 2008-04-06 20:22:30 0000 -------

ppc stable

------- Comment #8 From Raúl Porcel 2008-04-07 20:20:41 0000 -------

alpha/sparc stable

------- Comment #9 From Peter Volkov 2008-04-08 05:37:16 0000 -------

Fixed in release snapshot.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 215502

dev-db/phpmyadmin <2.11.5.1 Local session data disclosure (CVE-2008-1567)

Last modified: 2008-04-08 05:37:16 0000