Bug 303761 (CVE-2009-4605) - <=dev-db/phpmyadmin-2.11.10 CSRF (CVE-2009-4605)
Summary: <=dev-db/phpmyadmin-2.11.10 CSRF (CVE-2009-4605)
Status: RESOLVED FIXED
Alias: CVE-2009-4605
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://phpmyadmin.svn.sourceforge.net...
Whiteboard: B3 [noglsa]
Reported: 2010-02-06 15:36 UTC by Stefan Behte (RETIRED)
Modified: 2010-08-14 14:40 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:36:52 UTC
CVE-2009-4605 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4605):
  scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before
  2.11.10 calls the unserialize function on the values of the (1)
  configuration and (2) v[0] parameters, which might allow remote
  attackers to conduct cross-site request forgery (CSRF) attacks via
  unspecified vectors.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-02-06 15:37:37 UTC
Hi webapps, please provide an updated newbuild.
Comment 2 Tobias Heinlein (RETIRED) gentoo-dev 2010-06-11 17:14:13 UTC
Bumped on behalf of security.

Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.10
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 3 Christian Faulhammer (RETIRED) gentoo-dev 2010-06-12 14:23:52 UTC
x86 stable, I am back.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2010-06-13 17:04:18 UTC
Stable for HPPA.
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2010-06-20 18:09:05 UTC
alpha/sparc stable
Comment 6 Markus Meier gentoo-dev 2010-06-21 20:18:22 UTC
amd64 stable
Comment 7 Joe Jezak (RETIRED) gentoo-dev 2010-07-18 20:24:59 UTC
Marked ppc/ppc64 stable.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:39:18 UTC
Vote: no!
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:40:38 UTC
NO too, closing.