phpMyAdmin 3.4.3.2 has been released, fixing four security vulnerabilities. Current latest version in portage (3.4.3.1) is apparently affected.

XSS in table Print view. Severity: Minor
http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php

Local file inclusion. Severity: Serious
http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php

Local file inclusion vulnerability and code execution. Severity: Critical
http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php

Possible session manipulation in swekey authentication. Severity: Critical
http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php

Reproducible: Always
Arches, please test and mark stable:
=dev-db/phpmyadmin-3.4.3.2
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
amd64 ok as usual.
x86 stable. Thanks
ppc/ppc64 stable
emerges ok
Stable for HPPA.
I don't know if this is of any interest here, but I just upgraded with the unmasked version on amd64 and everything is good.
amd64 done. Thank you all
alpha/sparc stable
Thanks, everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml by GLSA coordinator Tim Sammut (underling).