Summary: | <dev-db/phpmyadmin-3.4.1: Multiple vulnerabilities (CVE-2011-{1940,1941}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Alex Legler (RETIRED) <a3li> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | web-apps |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Alex Legler (RETIRED)
2011-05-23 20:12:18 UTC
Arches, please test and mark stable:
=dev-db/phpmyadmin-3.4.1
Target keywords: "alpha amd64 hppa ppc ppc64 sparc x86"

x86 stable

amd64 emerged ok.

amd64 done. Thanks Ian

Stable for HPPA.

ppc/ppc64 stable

alpha/sparc stable

Thanks, everyone. GLSA Vote: no.

voting no too, and closing.

CVE-2011-1941 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1941): Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x before 3.4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2011-1940 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1940): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x before 3.3.10.1 and 3.4.x before 3.4.1 allow remote attackers to inject arbitrary web script or HTML via a crafted table name that triggers improper HTML rendering on a Tracking page, related to (1) libraries/tbl_links.inc.php and (2) tbl_tracking.php.