Four new advisories released by upstream. http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php CVE-2011-2505 Possible session manipulation in Swekey authentication. http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php CVE-2011-2506 Possible code injection in setup script in case session variables are compromised. http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php CVE-2011-2507 Regular expression quoting issue in Synchronize code. http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php CVE-2011-2508 Possible directory traversal. All appear fixed in 3.4.3.1.
*** Bug 374167 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable: =dev-db/phpmyadmin-3.4.3.1 Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
amd64 ok
ditto
amd64 done. Thanks Agostino and Ian
x86 stable. Thanks
ppc/ppc64 stable
alpha/sparc stable
Stable for HPPA.
Thanks, folks. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml by GLSA coordinator Tim Sammut (underling).