Bug 219005 (CVE-2008-1924)

Comment 1 Robert Buchholz (RETIRED) 2008-04-23 22:28:10 UTC

CVE-2008-1924:
Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running on shared
hosts, allows attackers with CREATE table permissions to read arbitrary files
via a crafted HTTP POST request, related to use of an undefined UploadDir
variable.

Comment 2 Benedikt Böhm (RETIRED) 2008-04-25 12:06:00 UTC

in cvs

Comment 3 Robert Buchholz (RETIRED) 2008-04-25 20:58:58 UTC

Arches, please test and mark stable:
=dev-db/phpmyadmin-2.11.5.2
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"

Comment 4 Markus Meier 2008-04-26 11:54:21 UTC

amd64/x86 stable

Comment 5 Jeroen Roovers (RETIRED) 2008-04-26 15:18:39 UTC

Stable for HPPA.

Comment 6 Markus Rothe (RETIRED) 2008-04-27 08:31:56 UTC

ppc64 stable

Comment 7 Raúl Porcel (RETIRED) 2008-04-27 18:35:28 UTC

alpha/sparc stable

Comment 8 Tobias Scherbaum (RETIRED) 2008-04-28 17:02:53 UTC

ppc stable

Comment 9 Peter Volkov (RETIRED) 2008-04-29 06:29:21 UTC

Fixed in release snapshot.

Comment 10 Tobias Heinlein (RETIRED) 2008-04-29 12:56:51 UTC

Ready for vote. I vote YES.

Comment 11 Matthias Geerdsen (RETIRED) 2008-04-29 13:00:37 UTC

agreed, filed request

Comment 12 Pierre-Yves Rofes (RETIRED) 2008-05-05 21:41:38 UTC

GLSA 200805-02