Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 212000 (CVE-2008-1149) - dev-db/phpmyadmin < 2.11.5 SQL injection vulnerability (CVE-2008-1149)
Summary: dev-db/phpmyadmin < 2.11.5 SQL injection vulnerability (CVE-2008-1149)
Status: RESOLVED FIXED
Alias: CVE-2008-1149
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL: http://www.phpmyadmin.net/home_page/s...
Whiteboard: B4 [glsa]
Keywords: InVCS
Depends on:
Blocks:
 
Reported: 2008-03-01 17:46 UTC by Hanno Böck
Modified: 2008-03-09 20:52 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2008-03-01 17:46:01 UTC
PMASA-2008-1 is an sql-injection, fixed in 2.11.5.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2008-03-01 20:24:57 UTC
Maintainers, please bump.
Comment 2 Benedikt Böhm (RETIRED) gentoo-dev 2008-03-02 08:39:02 UTC
in cvs, archs please stabilize, thanks
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2008-03-02 11:18:15 UTC
=dev-db/phpmyadmin-2.11.5
Target keywords : "alpha amd64 hppa ppc ppc64 release sparc x86"
Comment 4 Richard Freeman gentoo-dev 2008-03-02 14:48:08 UTC
amd64 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2008-03-02 20:12:10 UTC
ppc64 stable
Comment 6 Jeroen Roovers gentoo-dev 2008-03-03 01:53:38 UTC
Stable for HPPA.
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2008-03-03 08:00:04 UTC
x86 stable
Comment 8 Christian Faulhammer (RETIRED) gentoo-dev 2008-03-03 08:02:38 UTC
Maintainers, the ebuild calls need_httpd_cgi but does not inherit webapp.eclass...I did not add it, because there may be side effects I do not know about.
Comment 9 Benedikt Böhm (RETIRED) gentoo-dev 2008-03-03 08:46:54 UTC
phpmyadmin $ grep inherit phpmyadmin-2.11.5.ebuild
inherit eutils webapp depend.php
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2008-03-04 10:50:32 UTC
alpha/sparc stable
Comment 11 Tobias Scherbaum (RETIRED) gentoo-dev 2008-03-04 20:54:40 UTC
ppc stable
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2008-03-05 06:49:32 UTC
Fixed in release snapshot.
Comment 13 Lars Hartmann 2008-03-05 08:01:59 UTC
can someone please add CVE-2008-1149?
i dont have the needed permissions to do it myself
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-05 08:36:17 UTC
time for vote... I vote YES.
Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2008-03-05 09:53:40 UTC
YES, filed.
Comment 16 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-03-09 20:52:34 UTC
GLSA 200803-15