| Field | Value |
|---|---|
| Summary: | <dev-db/phpmyadmin-{4.0.10.8,4.1.14.8,4.2.13.1}: multiple vulnerabilities (CVE-2014-{9218,9219}) |
| Product: | Gentoo Security |
| Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| CC: | jmbsvicetto, web-apps |
| Priority: | Normal |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | B3 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |
Description

Agostino Sarubbo, 2014-12-04 15:27:54 UTC

CVE-2014-9219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9219): Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVE-2014-9218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9218): libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.

22:02 < irker677> gentoo-x86: jmbsvicetto dev-db/phpmyadmin: Security bump - fixes bug 531684.

New versions added to the tree: phpmyadmin-4.1.14.8.ebuild phpmyadmin-4.2.13.1.ebuild phpmyadmin-4.0.10.7.ebuild

@security: It should be OK to stabilize the new versions as soon as possible.

Comment #3 (Yury German)

Arches, please test and mark stable:

=phpmyadmin-4.1.14.8
=phpmyadmin-4.2.13.1

Target Keywords: "alpha amd64 hppa ppc ppc64 sparc x86"

Thank you!

Comment #4 (Jeroen Roovers)

(In reply to Yury German from comment #3)
> Arches, please test and mark stable:
>
> =phpmyadmin-4.1.14.8
> =phpmyadmin-4.2.13.1

Please post full atoms.

(In reply to Jeroen Roovers from comment #4)
> (In reply to Yury German from comment #3)
> > Arches, please test and mark stable:
> >
> > =phpmyadmin-4.1.14.8
> > =phpmyadmin-4.2.13.1
>
> Please post full atoms.

Here they are:

=dev-db/phpmyadmin-4.1.14.8
=dev-db/phpmyadmin-4.2.13.1

x86 done

Stable for HPPA.

amd64 stable

ppc stable

sparc stable

ppc64 stable

alpha stable. Maintainer(s), please cleanup. Security, please vote.

Arches, thank you for your work. Security, please vote.

First Vote: No

Maintainer(s), please drop the vulnerable version(s).

GLSA Vote: No

Maintainer(s), please drop the vulnerable version(s).

15:33 < gentoovcs> jmbsvicetto → gentoo-x86 (dev-db/phpmyadmin/) Bump phpmyadmin to the latest releases and add 4.4.0_beta1. Address CVE-2014-{9218,9219} - fixes bug 531684. Address PMASA-2015-1 - fixes bug 542218. Drop old vulnerable versions.

Vulnerable versions cleaned.

Maintainer(s), thank you for your cleanup.