Bug 368495 (CVE-2011-1940) - <dev-db/phpmyadmin-3.4.1: Multiple vulnerabilities (CVE-2011-{1940,1941})
Alias: CVE-2011-1940
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B4 [noglsa]
Reported: 2011-05-23 20:12 UTC by Alex Legler (RETIRED)
Modified: 2012-02-20 05:36 UTC

Description Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-05-23 20:12:18 UTC
XSS vulnerability on Tracking page

It was possible to create a crafted table name that leads to XSS.
We consider this vulnerability to be serious.

URL redirection to untrusted site

It was possible to redirect to an arbitrary, untrusted site, leading to a possible phishing attack.
We consider this vulnerability to be serious.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2011-05-23 20:13:31 UTC
Arches, please test and mark stable:
Target keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-05-24 11:45:52 UTC
x86 stable
Comment 3 Ian Delaney (RETIRED) gentoo-dev 2011-05-24 13:08:34 UTC

emerged ok.
Comment 4 Markos Chandras (RETIRED) gentoo-dev 2011-05-24 14:32:09 UTC
amd64 done. Thanks Ian
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2011-05-24 15:26:36 UTC
Stable for HPPA.
Comment 6 Kacper Kowalik (Xarthisius) (RETIRED) gentoo-dev 2011-05-27 06:27:47 UTC
ppc/ppc64 stable
Comment 7 Raúl Porcel (RETIRED) gentoo-dev 2011-05-28 16:57:46 UTC
alpha/sparc stable
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2011-05-28 17:09:59 UTC
Thanks, everyone. GLSA Vote: no.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2011-10-08 21:29:16 UTC
voting no too, and closing.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-02-20 05:36:56 UTC
CVE-2011-1941:
  Open redirect vulnerability in the redirector feature in phpMyAdmin 3.4.x
  before 3.4.1 allows remote attackers to redirect users to arbitrary web
  sites and conduct phishing attacks via unspecified vectors.

CVE-2011-1940:
  Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.3.x
  before and 3.4.x before 3.4.1 allow remote attackers to inject
  arbitrary web script or HTML via a crafted table name that triggers improper
  HTML rendering on a Tracking page, related to (1)
  libraries/ and (2) tbl_tracking.php.