Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 238592 - dev-db/phpmyadmin < 2.11.9.2: xss (CVE-2008-4326)
Summary: dev-db/phpmyadmin < 2.11.9.2: xss (CVE-2008-4326)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/d...
Whiteboard: B3 [noglsa]
Keywords:
: 242834 (view as bug list)
Depends on:
Blocks:
 
Reported: 2008-09-24 17:54 UTC by Hanno Böck
Modified: 2008-10-20 08:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-09-24 17:54:58 UTC
From release notes:
- (2.11.9.2)  [security] XSS in MSIE using NUL byte

CVE requested on oss-security.
Comment 1 Gunnar Wrobel (RETIRED) gentoo-dev 2008-09-29 07:59:22 UTC
phpmyadmin-2.11.9.2 is in the tree.

Targets:

  alpha amd64 hppa ppc ppc64 sparc x86
Comment 2 Raúl Porcel (RETIRED) gentoo-dev 2008-09-29 09:12:52 UTC
alpha/sparc/x86 stable
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-29 19:07:58 UTC
Stable for HPPA.
Comment 4 Tobias Heinlein (RETIRED) gentoo-dev 2008-09-30 01:56:27 UTC
amd64 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2008-09-30 10:20:12 UTC
ppc64 stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2008-10-01 17:52:49 UTC
ppc stable
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2008-10-01 21:17:30 UTC
Ready for vote, I vote NO.
Comment 8 Gunnar Wrobel (RETIRED) gentoo-dev 2008-10-02 04:13:00 UTC
Removed insecure phpmyadmin-2.11.9.1. webapps done.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-10-02 09:30:25 UTC
no too, closing.
Comment 10 Stefan Behte (RETIRED) gentoo-dev Security 2008-10-04 18:11:27 UTC
2.11.9.2 also fixes CVE-2008-4096.
Comment 11 Christian Hoffmann (RETIRED) gentoo-dev 2008-10-20 08:02:18 UTC
*** Bug 242834 has been marked as a duplicate of this bug. ***