Bug 197575 (CVE-2007-5728) - dev-db/phppgadmin <= 4.1.2 login.php XSS (CVE-2007-5728)
Status: RESOLVED FIXED
Alias: CVE-2007-5728
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://secunia.com/advisories/25446/
Whiteboard: B4 [noglsa]
 
Reported: 2007-10-31 00:42 UTC by Robert Buchholz (RETIRED)
Modified: 2007-11-15 02:23 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 00:42:11 UTC
CVE-2007-5728 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5728):
  Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and
  possibly 4.1.2, allows remote attackers to inject arbitrary web script or
  HTML via certain input available in PHP_SELF in (1) redirect.php, possibly
  related to (2) login.php, different vectors than CVE-2007-2865.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2007-10-31 00:45:26 UTC
Seems the fix from bug 180133 did not completely clean this; the Secunia advisory is updated to show 4.1.2 vulnerable.

Web-Apps and Postgres, please advise.
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2007-10-31 04:55:09 UTC
4.1.3 has been in the tree for a while and should be stabilized then.

Targets: amd64 hppa ppc sparc x86
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2007-10-31 05:23:14 UTC
Stable for HPPA.
Comment 4 Markus Meier gentoo-dev 2007-11-01 12:35:54 UTC
x86 stable
Comment 5 Raúl Porcel (RETIRED) gentoo-dev 2007-11-05 15:52:19 UTC
sparc stable
Comment 6 Tobias Scherbaum (RETIRED) gentoo-dev 2007-11-06 18:04:04 UTC
ppc stable
Comment 7 Alex Howells (RETIRED) gentoo-dev 2007-11-14 03:04:39 UTC
Stable on AMD64 :)
Comment 8 Robert Buchholz (RETIRED) gentoo-dev 2007-11-14 17:42:47 UTC
GLSA vote.

I vote NO.
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-11-14 19:56:26 UTC
No too, and closing.