From ${URL} :

Description

A vulnerability has been reported in phpMyAdmin, which can be exploited by malicious people to conduct clickjacking attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions by tricking a user into clicking a specially crafted link via clickjacking.

The vulnerability is reported in versions 3.5.x.

Solution:
Upgrade to version 4.0.5 or later.

Provided and/or discovered by:
The vendor credits Emanuel Bronshtein.

Original Advisory:
PMASA-2013-10: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Looks like it's the end of the line for 3.5.x, according to the link.
*** Bug 468516 has been marked as a duplicate of this bug. ***
Arches, please test and mark stable:
=dev-db/phpmyadmin-4.0.5
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
amd64 stable
alpha stable
sparc stable
x86 stable
ppc stable
Stable for HPPA.
ppc64 stable
Thanks for your work
GLSA vote: no
GLSA with 465420, 467808, 478696
CVE-2013-5029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5029): phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
This issue was resolved and addressed in GLSA 201311-02 at http://security.gentoo.org/glsa/glsa-201311-02.xml by GLSA coordinator Sergey Popov (pinkbyte).