| Summary: | <dev-db/phpmyadmin-4.0.5: Clickjacking Vulnerability (CVE-2013-5029) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | a3li, admwiggin, kripton, toto, web-apps |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/54381/ | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=478696 | | |
| Whiteboard: | B4 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | | | |
| Bug Blocks: | 467080, 478696 | | |

Description
Agostino Sarubbo
2013-08-05 20:31:40 UTC
Looks like it's the end of the line for 3.5.x, according to the link.

*** Bug 468516 has been marked as a duplicate of this bug. ***

Arches, please test and mark stable:
=dev-db/phpmyadmin-4.0.5
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"

amd64 stable

alpha stable

sparc stable

x86 stable

ppc stable

Stable for HPPA.

ppc64 stable

Thanks for your work
GLSA vote: no

GLSA with 465420, 467808, 478696

CVE-2013-5029 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-5029): phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

This issue was resolved and addressed in GLSA 201311-02 at http://security.gentoo.org/glsa/glsa-201311-02.xml by GLSA coordinator Sergey Popov (pinkbyte).