Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 246831

Summary: <dev-db/phpmyadmin-{2.11.9.4, 3.0.1.1} XSS (CVE-2008-4775)
Product: Gentoo Security Reporter: Hanno Böck <hanno>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4775
Whiteboard: B3 [glsa]
Package list:
Runtime testing required: ---

Description Hanno Böck gentoo-dev 2008-11-15 10:08:01 UTC 
3.0.1.1 fixes an XSS in phpmyadmin. The vuln description says this only appears with register_globals on, though that is NOT true. Tested that the XSS also works with register_globals off (I've requested the CVE to be changed to reflect that).
Comment 1 Hanno Böck gentoo-dev 2008-11-16 10:30:06 UTC 
Status should be ebuild, upstream already released 3.0.1.1, which fixes the issue.
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2008-11-17 04:46:04 UTC 
Added 3.0.1.1, removed 3.0.1, unstable on all arches. webapps done.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-04 19:14:55 UTC 
According to Secunia, this is also an issue in the 2.x slot.

Ready for GLSA voting.
Since there is already something else for phpmyadmin-2 in the request pool, I'd say YES.
Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-03-04 19:15:57 UTC 
whiteboard.. sry for the spam
Comment 5 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-05 20:28:52 UTC 
YES too, added to existing request.
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2009-03-18 22:32:13 UTC 
GLSA 200903-32