From Secunia security advisory at $URL:

Description:

1) Certain unspecified input related to the page title is not properly sanitised in classes/Misc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "return_url" and "return_desc" parameters in display.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 5.0.3.

Solution: Update to version 5.0.3
Ebuild added to CVS.
Thanks Tim. Arches, please test and mark stable: =dev-db/phppgadmin-5.0.3 target KEYWORDS : "amd64 hppa ppc x86"
x86 stable.
Looks perfect, also on a server. amd64 ok.
amd64: pass
Stable for HPPA.
amd64 done. Thanks Agostino and Elijah
CVE-2011-3598 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3598): Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or the (2) return_url or (3) return_desc parameter to display.php.
ppc stable, last arch done
Closing noglsa. Please remove vulnerable versions from the tree.