http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php

Fixed versions: 4.0.10.7, 4.1.14.8, 4.2.13.1.

CVE-2014-9219 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9219):
Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVE-2014-9218 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9218):
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
22:02 < irker677> gentoo-x86: jmbsvicetto dev-db/phpmyadmin: Security bump - fixes bug 531684.

New versions added to the tree:
phpmyadmin-4.1.14.8.ebuild
phpmyadmin-4.2.13.1.ebuild
phpmyadmin-4.0.10.7.ebuild

@security: It should be OK to stabilize the new versions as soon as possible.

Arches, please test and mark stable:
=phpmyadmin-4.1.14.8
=phpmyadmin-4.2.13.1
Target Keywords : "alpha amd64 hppa ppc ppc64 sparc x86"
Thank you!
(In reply to Yury German from comment #3)
> Arches, please test and mark stable:
>
> =phpmyadmin-4.1.14.8
> =phpmyadmin-4.2.13.1

Please post full atoms.

(In reply to Jeroen Roovers from comment #4)
> (In reply to Yury German from comment #3)
> > Arches, please test and mark stable:
> >
> > =phpmyadmin-4.1.14.8
> > =phpmyadmin-4.2.13.1
>
> Please post full atoms.

Here they are:
=dev-db/phpmyadmin-4.1.14.8
=dev-db/phpmyadmin-4.2.13.1
x86 done
Stable for HPPA.
amd64 stable
ppc stable
sparc stable
ppc64 stable
alpha stable.
Maintainer(s), please cleanup.
Security, please vote.

Arches, Thank you for your work.
Security Please Vote.
First Vote: No
Maintainer(s), please drop the vulnerable version(s).
GLSA Vote: No
Maintainer(s), please drop the vulnerable version(s).
15:33 < gentoovcs> jmbsvicetto → gentoo-x86 (dev-db/phpmyadmin/) Bump phpmyadmin to the latest releases and add 4.4.0_beta1. Address CVE-2014-{9218,9219} - fixes bug 531684. Address PMASA-2015-1 - fixes bug 542218. Drop old vulnerable versions.

Vulnerable versions cleaned.

Maintainer(s), Thank you for cleanup.