Summary: | <dev-db/phpmyadmin-4.9.2: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature (CVE-2019-18622) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | jmbsvicetto, web-apps |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.phpmyadmin.net/security/PMASA-2019-5/ | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | =dev-db/phpmyadmin-4.9.2 amd64 ppc ppc64 sparc x86 | ||
Runtime testing required: | --- | ||
Description
GLSAMaker/CVETool Bot
2019-12-02 22:52:06 UTC
We have had 4.9.2 (unaffected) in the tree for ~2 days.

commit b393a9bdd8e49c2a75c1760190fd864362b8532f
Author: Miroslav Šulc <fordfrog@gentoo.org>
Date: Sun Dec 1 19:37:04 2019 +0100

    dev-db/phpmyadmin-4.9.2: bump

    Closes: https://bugs.gentoo.org/701672
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

It's a security and bugfix release: https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/

I suppose it can go stable, so archs please stabilize.

amd64 stable

x86 stable

ppc64 stable

sparc stable

ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d6b3b97b42cb8014c6beb424a3d7e604e3e1f052

commit d6b3b97b42cb8014c6beb424a3d7e604e3e1f052
Author: Miroslav Šulc <fordfrog@gentoo.org>
AuthorDate: 2019-12-10 11:02:51 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2019-12-10 11:02:51 +0000

    dev-db/phpmyadmin-4.9.1: removed old and vulnerable

    Bug: https://bugs.gentoo.org/701830
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-db/phpmyadmin/Manifest | 1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.1.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202003-39 at https://security.gentoo.org/glsa/202003-39 by GLSA coordinator Thomas Deutschmann (whissi).