Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 376369 (CVE-2011-2642) - <dev-db/phpmyadmin-3.4.3.2: Multiple Vulnerabilities (CVE-2011-{2642,2643,2718,2719})
Summary: <dev-db/phpmyadmin-3.4.3.2: Multiple Vulnerabilities (CVE-2011-{2642,2643,271...
Status: RESOLVED FIXED
Alias: CVE-2011-2642
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-25 14:56 UTC by Paul Hartman
Modified: 2012-01-04 23:42 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Paul Hartman 2011-07-25 14:56:21 UTC
phpMyAdmin 3.4.3.2 has been released, fixing four security vulnerabilities. Current latest version in portage (3.4.3.1) is apparently affected.

XSS in table Print view. 
Severity: Minor
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php

Local file inclusion. 
Severity: Serious
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php

Local file inclusion vulnerability and code execution. 
Severity: Critical
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php

Possible session manipulation in swekey authentication. 
Severity: Critical
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php


Reproducible: Always
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-07-25 17:30:40 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-3.4.3.2
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 2 Agostino Sarubbo gentoo-dev 2011-07-26 10:00:56 UTC
amd64 ok as usual.
Comment 3 Thomas Kahle (RETIRED) gentoo-dev 2011-07-26 10:17:18 UTC
x86 stable. Thanks
Comment 4 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-07-26 17:44:09 UTC
ppc/ppc64 stable
Comment 5 Ian Delaney (RETIRED) gentoo-dev 2011-07-26 18:14:41 UTC
emerges ok
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2011-07-27 04:43:12 UTC
Stable for HPPA.
Comment 7 Marc Richter 2011-07-27 13:10:21 UTC
I don't know if this is of any interest here, but I just upgraded with the unmasked version on amd64 and everything is good.
Comment 8 Markos Chandras (RETIRED) gentoo-dev 2011-08-02 15:06:48 UTC
amd64 done. Thank you all
Comment 9 Raúl Porcel (RETIRED) gentoo-dev 2011-08-07 17:18:43 UTC
alpha/sparc stable
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-08-17 15:35:09 UTC
Thank, everyone. Added to existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2012-01-04 23:42:15 UTC
This issue was resolved and addressed in
 GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml
by GLSA coordinator Tim Sammut (underling).