56048 – dev-db/phpmyadmin: PHP code injection in version 2.5.7

Bug 56048 - dev-db/phpmyadmin: PHP code injection in version 2.5.7

Summary: dev-db/phpmyadmin: PHP code injection in version 2.5.7

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High major (vote)
Assignee:	Tom Payne (RETIRED)

URL:	http://www.securityfocus.com/archive/...
Whiteboard:	B1 [ebuild]
Keywords:

Depends on:
Blocks:

Reported:	2004-07-04 06:27 UTC by Alexander M. Turek
Modified:	2004-07-22 02:30 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander M. Turek 2004-07-04 06:27:28 UTC

phpMyAdmin 2.5.x has serious security holes as described in the Bugtraq article I am linking to.
The corresponding bugs have been fixed in phpMyAdmin 2.5.7-pl1. That is why I would suggest to add phpMyAdmin 2.5.7-pl1 to the portage tree.

Reproducible: Always
Steps to Reproduce:

Comment 1 Thierry Carrez (RETIRED) gentoo-dev

2004-07-04 10:16:14 UTC

Tom: could you please bump to 2.5.7pl1 ?

Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev

2004-07-04 10:57:01 UTC

fyi, default phpmyadmin on gentoo is not vulnerable. see bug 55606.

but yes, a bump is needed. reassigning, not a security issue.

Comment 3 Tom Payne (RETIRED) gentoo-dev

2004-07-04 11:07:27 UTC

OK, version bump now in CVS. Sorry about the delay -- I've been away for the last three days.

Regards,

Tom