Gentoo Full Text Bug Listing

Bug 197575 - dev-db/phppgadmin <= 4.1.2 login.php XSS (CVE-2007-5728)

Bug#: 197575 (CVE-2007-5728)	Product: Gentoo Security	Version: unspecified	Platform: All
OS/Version: Linux	Status: RESOLVED	Severity: minor	Priority: P2
Resolution: FIXED	Assigned To: security@gentoo.org	Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL: http://secunia.com/advisories/25446/
Summary: dev-db/phppgadmin <= 4.1.2 login.php XSS (CVE-2007-5728)
Keywords:
Status Whiteboard: B4 [noglsa]
Opened: 2007-10-31 00:42 0000

Description:

Opened: 2007-10-31 00:42 0000

CVE-2007-5728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5728):
  Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and
  possibly 4.1.2, allows remote attackers to inject arbitrary web script or
  HTML via certain input available in PHP_SELF in (1) redirect.php, possibly
  related to (2) login.php, different vectors than CVE-2007-2865.

------- Comment #1 From Robert Buchholz 2007-10-31 00:45:26 0000 -------

Seems the fix from bug 180133 did not completely clean this, the Secunia
advisory is updated to show 4.1.2 vulnerable.

Web-Apps and Postgres, please advise.

------- Comment #2 From Gunnar Wrobel 2007-10-31 04:55:09 0000 -------

4.1.3 has been in the tree for a while and should be stabilized then.

Targets: amd64 hppa ppc sparc x86

------- Comment #3 From Jeroen Roovers 2007-10-31 05:23:14 0000 -------

Stable for HPPA.

------- Comment #4 From Markus Meier 2007-11-01 12:35:54 0000 -------

x86 stable

------- Comment #5 From Raúl Porcel 2007-11-05 15:52:19 0000 -------

sparc stable

------- Comment #6 From Tobias Scherbaum 2007-11-06 18:04:04 0000 -------

ppc stable

------- Comment #7 From Alex Howells 2007-11-14 03:04:39 0000 -------

Stable on AMD64 :)

------- Comment #8 From Robert Buchholz 2007-11-14 17:42:47 0000 -------

GLSA vote.

I vote NO.

------- Comment #9 From Pierre-Yves Rofes 2007-11-14 19:56:26 0000 -------

no too and closing.