From $url: <-- Summary XSS attack on setup script. Description It was possible to conduct a XSS attack using spoofed request to setup script. Severity We consider this vulnerability to be non critical. Affected Versions For 3.x: versions before 3.3.7 are affected. Unaffected Versions Branch 2.11.x is not affected by this. <-- $url references CVE-2010-2958, but that has already been assigned in PMASA-2010-6, http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php.
security@gentoo.org, =dev-db/phpmyadmin-3.3.6 is in the process of stabilization via bug 335490. Should we combine these bugs, or update the stabilization request? Thanks.
This has been assigned CVE-2010-3263.
Arches, please test and mark stable: =dev-db/phpmyadmin-3.3.7 Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
x86 stable
amd64 done
Marked ppc/ppc64 stable.
alpha/sparc stable
Stable for HPPA.
XSS in webapp -> closing noglsa. Feel free to reopen if you think otherwise.
bug 302745 is B1. This bug will be included in the advisory.
Affected ebuilds were removed from the tree.
This issue was resolved and addressed in GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml by GLSA coordinator Tim Sammut (underling).