Bug 238592

Summary:	dev-db/phpmyadmin < 2.11.9.2: xss (CVE-2008-4326)
Product:	Gentoo Security	Reporter:	Hanno Böck <hanno>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	mabi
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://www.phpmyadmin.net/home_page/downloads.php?relnotes=1
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---

Description Hanno Böck gentoo-dev

2008-09-24 17:54:58 UTC

From release notes:
- (2.11.9.2)  [security] XSS in MSIE using NUL byte

CVE requested on oss-security.

Comment 1 Gunnar Wrobel (RETIRED) gentoo-dev

2008-09-29 07:59:22 UTC

phpmyadmin-2.11.9.2 is in the tree.

Targets:

  alpha amd64 hppa ppc ppc64 sparc x86

Comment 2 Raúl Porcel (RETIRED) gentoo-dev

2008-09-29 09:12:52 UTC

alpha/sparc/x86 stable

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2008-09-29 19:07:58 UTC

Stable for HPPA.

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2008-09-30 01:56:27 UTC

amd64 stable

Comment 5 Markus Rothe (RETIRED) gentoo-dev

2008-09-30 10:20:12 UTC

ppc64 stable

Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev

2008-10-01 17:52:49 UTC

ppc stable

Comment 7 Tobias Heinlein (RETIRED) gentoo-dev

2008-10-01 21:17:30 UTC

Ready for vote, I vote NO.

Comment 8 Gunnar Wrobel (RETIRED) gentoo-dev

2008-10-02 04:13:00 UTC

Removed insecure phpmyadmin-2.11.9.1. webapps done.

Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev

2008-10-02 09:30:25 UTC

no too, closing.

Comment 10 Stefan Behte (RETIRED) gentoo-dev

2008-10-04 18:11:27 UTC

2.11.9.2 also fixes CVE-2008-4096.

Comment 11 Christian Hoffmann (RETIRED) gentoo-dev

2008-10-20 08:02:18 UTC

*** Bug 242834 has been marked as a duplicate of this bug. ***