
Bug 114728

Summary: dev-db/phpmyadmin-2.7.0 Variable Overwrite Vulnerability
Product: Gentoo Security
Reporter: Andreas Korthaus <akorthaus>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE
Severity: normal
CC: web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.hardened-php.net/advisory_252005.110.html
Whiteboard: B1 [ebuild] DerCorny
Package list:
Runtime testing required: ---

Description Andreas Korthaus 2005-12-07 04:01:48 UTC
Advisory: phpMyAdmin Variable Overwrite Vulnerability
 Release Date: 2005/12/07
Last Modified: 2005/12/07
       Author: Stefan Esser [sesser@hardened-php.net]

  Application: phpMyAdmin 2.7.0(-rc1)
     Severity: A flaw in the variable overwrite protection may lead
               to several XSS and local and remote file inclusion 
               vulnerabilities
         Risk: Critical
Vendor Status: Vendor has released an updated version
   References: http://www.hardened-php.net/advisory_252005.110.html


phpMyAdmin release notes:
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-07 04:08:38 UTC
web-apps, pls provide a fixed ebuild.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:57 UTC

*** This bug has been marked as a duplicate of 114662 ***
Comment 3 Andreas Korthaus 2005-12-07 05:00:26 UTC
It's another bug/release than #114662: 2.7.0-pl1
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 05:41:15 UTC
Ok, I was a bit fast there, but the other bug is already appropriately updated 
to take care of both issues. Thx for reporting.