From $URL: The PMA_escapeJsString function in libraries/js_escape.lib.php in phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote attackers to bypass cross-site scripting (XSS) protection mechanisms and conduct XSS attacks via a NUL byte inside a "</script" sequence. CVE is currently under review. Suggested fix is to upgrade to 2.11.9.2 Issue is public, so leaving open.
already fixed in tree, sorry for the spam... i will check that next time
The fact that the necessary package is in the tree does not remove the need for tracking bug, but in this case we handled it already, so, marking as DUPE.
*** This bug has been marked as a duplicate of bug 238592 ***