Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 71819 - dev-db/phpmyadmin: Multiple XSS vulnerabilities
Summary: dev-db/phpmyadmin: Multiple XSS vulnerabilities
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: High minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [glsa] jaervosz
Depends on:
Reported: 2004-11-20 01:18 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2004-11-27 06:01 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-20 01:18:13 UTC
Multiple XSS vulnerabilites in phpmyadmin, see link for full details. Original advisory is here:
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-20 01:19:49 UTC
Tom please bump to p3.
Comment 2 Tom Payne (RETIRED) gentoo-dev 2004-11-22 14:22:39 UTC
p3 now in portage, stable on x86.
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-22 23:01:19 UTC
Thx Tom. Arches please test and mark p3 stable.
Comment 4 Guy Martin (RETIRED) gentoo-dev 2004-11-23 05:26:59 UTC
Stable on hppa.
Comment 5 Gustavo Zacarias (RETIRED) gentoo-dev 2004-11-23 10:53:18 UTC
sparc stable.
Comment 6 Simon Stelling (RETIRED) gentoo-dev 2004-11-23 11:01:01 UTC
amd64 stable
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2004-11-23 16:28:27 UTC
Alpha stable.
Comment 8 Joe Jezak (RETIRED) gentoo-dev 2004-11-24 00:26:42 UTC
Marked stable on ppc.
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2004-11-24 01:11:15 UTC
I vote "no GLSA" as XSS exploit on an internal administration application is so unlikely...
Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2004-11-24 01:20:54 UTC
I tend to vote for a GLSA.
Comment 11 Matthias Geerdsen (RETIRED) gentoo-dev 2004-11-26 00:31:46 UTC
Since phpadmin is pretty widely used and I'm not sure if everyone is only using it for internal access, I would vote for a GLSA too.
Comment 12 Thierry Carrez (RETIRED) gentoo-dev 2004-11-26 00:56:12 UTC
OK ok :)
Comment 13 Luke Macken (RETIRED) gentoo-dev 2004-11-26 19:57:17 UTC
GLSA drafted; security, please review.
Comment 14 Luke Macken (RETIRED) gentoo-dev 2004-11-27 06:01:47 UTC
GLSA 200411-36