
Bug 56048

Summary: dev-db/phpmyadmin: PHP code injection in version 2.5.7
Product: Gentoo Linux
Reporter: Alexander M. Turek <me>
Component: New packages
Assignee: Tom Payne (RETIRED) <twp>
Status: RESOLVED FIXED
Severity: major
CC: php-bugs, twp, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.securityfocus.com/archive/1/367486/2004-06-24/2004-06-30/0
Whiteboard: B1 [ebuild]
Package list:
Runtime testing required: ---

Description Alexander M. Turek 2004-07-04 06:27:28 UTC
phpMyAdmin 2.5.x has serious security holes as described in the Bugtraq article I am linking to.
The corresponding bugs have been fixed in phpMyAdmin 2.5.7-pl1. That is why I would suggest adding phpMyAdmin 2.5.7-pl1 to the portage tree.

Reproducible: Always
Steps to Reproduce:
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2004-07-04 10:16:14 UTC
Tom: could you please bump to 2.5.7pl1?
Comment 2 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2004-07-04 10:57:01 UTC
fyi, default phpmyadmin on gentoo is not vulnerable. see bug 55606.

but yes, a bump is needed. reassigning, not a security issue.
Comment 3 Tom Payne (RETIRED) gentoo-dev 2004-07-04 11:07:27 UTC
OK, version bump now in CVS. Sorry about the delay -- I've been away for the last three days.

Regards,

Tom