Gentoo Bug 197575 - dev-db/phppgadmin <= 4.1.2 login.php XSS (CVE-2007-5728)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	197575
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 197575 depends on:			Show dependency tree
Bug 197575 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-10-31 00:42 0000

CVE-2007-5728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5728):
  Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and
  possibly 4.1.2, allows remote attackers to inject arbitrary web script or
  HTML via certain input available in PHP_SELF in (1) redirect.php, possibly
  related to (2) login.php, different vectors than CVE-2007-2865.

------- Comment #1 From Robert Buchholz 2007-10-31 00:45:26 0000 -------

Seems the fix from bug 180133 did not completely clean this, the Secunia
advisory is updated to show 4.1.2 vulnerable.

Web-Apps and Postgres, please advise.

------- Comment #2 From Gunnar Wrobel 2007-10-31 04:55:09 0000 -------

4.1.3 has been in the tree for a while and should be stabilized then.

Targets: amd64 hppa ppc sparc x86

------- Comment #3 From Jeroen Roovers 2007-10-31 05:23:14 0000 -------

Stable for HPPA.

------- Comment #4 From Markus Meier 2007-11-01 12:35:54 0000 -------

x86 stable

------- Comment #5 From Raúl Porcel 2007-11-05 15:52:19 0000 -------

sparc stable

------- Comment #6 From Tobias Scherbaum 2007-11-06 18:04:04 0000 -------

ppc stable

------- Comment #7 From Alex Howells 2007-11-14 03:04:39 0000 -------

Stable on AMD64 :)

------- Comment #8 From Robert Buchholz 2007-11-14 17:42:47 0000 -------

GLSA vote.

I vote NO.

------- Comment #9 From Pierre-Yves Rofes 2007-11-14 19:56:26 0000 -------

no too and closing.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 197575

dev-db/phppgadmin <= 4.1.2 login.php XSS (CVE-2007-5728)

Last modified: 2007-11-15 02:23:18 0000