Welcome to phpMyAdmin 2.11.9.6, a security release. The PMASA-2009-6 security advisory will follow soon on http://www.phpmyadmin.net/home_page/security/.

2.11.9.6 (2009-10-12)
- [security] XSS and SQL injection, thanks to Herman van Rink

(http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/2.11.9.6/phpMyAdmin-2.11.9.6-notes.html)

Same for 3.x at http://dfn.dl.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.2.2.1/phpMyAdmin-3.2.2.1-notes.html
Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.9.6
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
For the record: +*phpmyadmin-3.2.2.1 (13 Oct 2009) +*phpmyadmin-2.11.9.6 (13 Oct 2009) + + 13 Oct 2009; Alex Legler <a3li@gentoo.org> -phpmyadmin-2.11.9.4.ebuild, + +phpmyadmin-2.11.9.6.ebuild, -phpmyadmin-3.2.0.1.ebuild, + -phpmyadmin-3.2.2.ebuild, +phpmyadmin-3.2.2.1.ebuild: + Non-maintainer commit: Version bump for security bug 288899. Removing + unneded vulnerable versions. +
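Review bot: the ChangeLog text at the end of the added entry misspells "unneeded" as "unneded" in "Removing unneded vulnerable versions."; correct the spelling so the entry reads cleanly and is found by anyone searching the ChangeLog for removed vulnerable versions.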
amd64 stable
x86 stable
Stable for HPPA.
Stable on alpha.
CVE-2009-3696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3696):
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to inject arbitrary web script or HTML via a crafted name for a MySQL table.

CVE-2009-3697 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3697):
SQL injection vulnerability in the PDF schema generator functionality in phpMyAdmin 2.11.x before 2.11.9.6 and 3.x before 3.2.2.1 allows remote attackers to execute arbitrary SQL commands via unspecified interface parameters.
ppc64 done
sparc stable
ppc stable
Vote: no, as phpmyadmin should be protected properly (hidden dir, htaccess, ip-filter etc.) and is well-known for having a long security history.
NO too, closing.