CVE-2012-4579 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4579): Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via a Table Operations (1) TRUNCATE or (2) DROP link for a crafted table name, (3) the Add Trigger popup within a Triggers page that references crafted table names, (4) an invalid trigger-creation attempt for a crafted table name, (5) crafted data in a table, or (6) a crafted tooltip label name during GIS data visualization, a different issue than CVE-2012-4345.
CVE-2012-4345 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4345): Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.
CVE-2012-4219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4219): show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message, related to lack of inclusion of the common.inc.php library file.
Arches, please test and mark stable: =dev-db/phpmyadmin-3.5.2.2
Target keywords: "alpha amd64 hppa ppc ppc64 sparc x86"
x86: is OK (compile, check with repoman, run (under Apache)). Please mark stable for x86.
amd64 stable
x86 stable. Thanks Mikle.
Stable for HPPA.
alpha/sparc stable, ia64 is not stable
ppc/ppc64 stable, last arch done
Thanks, everyone. GLSA vote: no.
Thanks, folks. GLSA Vote: no too, closing noglsa.