| Summary: | <dev-db/phpmyadmin-{4.0.10.2,4.1.14.3,4.2.7.1}: Multiple vulnerabilities (CVE-2014-{5273,5274}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | a3li, cyberbat83, jmbsvicetto, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php | | |
| Whiteboard: | B4 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 514894, 517858 | | |

Description
Kristian Fiskerstrand (RETIRED)
2014-08-17 18:14:10 UTC
17:54 < irker101> gentoo-x86: jmbsvicetto dev-db/phpmyadmin: Another security bump for phpmyadmin (CVE-2014-{5273,5274}) - bug 520142. Drop unstable affected versions.

Versions in the tree bumped. Maintainers, please advise when ebuilds have had enough testing, and are ready for stabilization.

CVE-2014-5274 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5274): Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.

CVE-2014-5273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5273): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.

Arches, please test and mark stable:

=dev-db/phpmyadmin-4.1.14.3

Target Keywords : "alpha amd64 hppa ppc ppc64 spark x86"

Thank you!

(In reply to Yury German from comment #4)
> Arches, please test and mark stable:
>
> =dev-db/phpmyadmin-4.1.14.3
>
> Target Keywords : "alpha amd64 hppa ppc ppc64 spark x86"
>
> Thank you!

it is hard to catch if arches are not in CC.

Stable for HPPA.

amd64 stable

x86 stable

sparc stable

ppc64 stable

alpha stable

ppc stable.

Maintainer(s), please cleanup.
Security, please vote.

(In reply to Agostino Sarubbo from comment #12)
> ppc stable.
>
> Maintainer(s), please cleanup.
> Security, please vote.

GLSA Vote: No

Old versions cleaned up, security please vote.

Arches and Maintainer(s), Thank you for your work.

GLSA Vote: No