XSS attack on setup script.
It was possible to conduct an XSS attack using a spoofed request to the setup script.
We consider this vulnerability to be non-critical.
For 3.x: versions before 3.3.7 are affected.
Branch 2.11.x is not affected by this.
$url references CVE-2010-2958, but that has already been assigned in PMASA-2010-6, http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php.
=dev-db/phpmyadmin-3.3.6 is in the process of stabilization via bug 335490. Should we combine these bugs, or update the stabilization request?
This has been assigned CVE-2010-3263.
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Marked ppc/ppc64 stable.
Stable for HPPA.
XSS in webapp -> closing noglsa. Feel free to reopen if you think otherwise.
bug 302745 is B1. This bug will be included in the advisory.
Affected ebuilds were removed from the tree.
This issue was resolved and addressed in
GLSA 201201-01 at http://security.gentoo.org/glsa/glsa-201201-01.xml
by GLSA coordinator Tim Sammut (underling).