Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 114728 - dev-db/phpmyadmin-2.7.0 Variable Overwrite Vulnerability
Summary: dev-db/phpmyadmin-2.7.0 Variable Overwrite Vulnerability
Status: RESOLVED DUPLICATE of bug 114662
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://www.hardened-php.net/advisory_...
Whiteboard: B1 [ebuild] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2005-12-07 04:01 UTC by Andreas Korthaus
Modified: 2011-10-30 22:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Korthaus 2005-12-07 04:01:48 UTC 
Advisory: phpMyAdmin Variable Overwrite Vulnerability
 Release Date: 2005/12/07
Last Modified: 2005/12/07
       Author: Stefan Esser [sesser@hardened-php.net]

  Application: phpMyAdmin 2.7.0(-rc1)
     Severity: A flaw in the variable overwrite protection may lead
               to several XSS and local and remote file inclusion 
               vulnerabilities
         Risk: Critical
Vendor Status: Vendor has released an updated version
   References: http://www.hardened-php.net/advisory_252005.110.html


phpMyAdmin relese notes:
http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2005-12-07 04:08:38 UTC 
web-apps, pls provide a fixed ebuild.
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 04:40:57 UTC 

*** This bug has been marked as a duplicate of 114662 ***
Comment 3 Andreas Korthaus 2005-12-07 05:00:26 UTC 
It's another bug/release than #114662: 2.7.0-pl1
Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-12-07 05:41:15 UTC 
Ok, I was a bit fast there, but the other bug is already appropriately updated 
to take care of both issues. Thx for reporting.