From ${URL} : A vulnerability allowing to complete reCaptcha test and subsequently perform a brute force attack to guess user credentials without having to complete further reCaptcha tests was found. This vulnerability only affects installations with reCaptcha test enabled. Affected versions are 4.3.x (prior to 4.3.13.2) and 4.4.x (prior to 4.4.14.1) Upstream patches: Fix for 4.3: https://github.com/phpmyadmin/phpmyadmin/commit/0314e67900f01410bc8c81c58a40dc0515e3c91d Fix for 4.4: https://github.com/phpmyadmin/phpmyadmin/commit/785f4e2711848eb8945894199d5870253a88584e @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
18:49 < gentoovcs> jmbsvicetto → repo/gentoo (dev-db/phpmyadmin/) Bump phpmyadmin to releases 4.4.13.3, 4.4.14.1 and 4.5.0_rc1 - fixes bug 560408 (CVE-2015-6830). 18:49 < willikins> gentoovcs: https://bugs.gentoo.org/560408 "dev-db/phpmyadmin: Bypassing the reCaptcha test"; Gentoo Security, Vulnerabilities; IN_P; ago:security Bump done. (In reply to Agostino Sarubbo from comment #0) > @maintainer(s): after the bump, in case we need to stabilize the package, > please let us know if it is ready for the stabilization or not. To be able to drop the old versions, we need to get newer versions marked stable. I would like to get the following keywords: KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86" for these versions: =dev-db/phpmyadmin-4.3.13.3 =dev-db/phpmyadmin-4.4.14.1
Stable for HPPA PPC64.
Both stable for alpha.
amd64 stable
x86 stable
sparc stable
ppc stable. Maintainer(s), please cleanup. Security, please vote.
Vote: NO.
GLSA Vote: No
The affected versions were dropped[1]. [1] - https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-db/phpmyadmin/
Thank you all. Closing as noglsa.
