Bug 648330 (CVE-2018-7260) - <dev-db/phpmyadmin-4.7.8: self-cross site scripting (XSS) vulnerability (CVE-2018-7260)
Summary: <dev-db/phpmyadmin-4.7.8: self-cross site scripting (XSS) vulnerability (CVE-...
Status: RESOLVED FIXED
Alias: CVE-2018-7260
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on: CVE-2018-15605
Blocks:
Reported: 2018-02-20 20:09 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-10 03:38 UTC

See Also:
Package list:
dev-db/phpmyadmin-4.7.8
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2018-02-20 20:09:43 UTC
CVE-2018-7260 (https://nvd.nist.gov/vuln/detail/CVE-2018-7260):
  A self-cross site scripting (XSS) in phpMyAdmin prior to 4.7.8 has been found
  in the central columns feature.
Comment 1 Larry the Git Cow gentoo-dev 2018-02-20 20:41:59 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=73b92f19276632457cf75055da1e0bc58ee4912c

commit 73b92f19276632457cf75055da1e0bc58ee4912c
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2018-02-20 20:41:33 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2018-02-20 20:41:33 +0000

    dev-db/phpmyadmin: Security bump to address PMASA-2018-1 (CVE-2018-7260).
    Bug: https://bugs.gentoo.org/648330
    
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest                |  1 +
 dev-db/phpmyadmin/phpmyadmin-4.7.8.ebuild | 61 +++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2018-02-20 21:18:18 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5d2d30f1cbd1b05e3f0690a9198cd6f348e316d

commit e5d2d30f1cbd1b05e3f0690a9198cd6f348e316d
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2018-02-20 21:15:56 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2018-02-20 21:15:56 +0000

    dev-db/phpmyadmin: Security bump to address PMASA-2018-1 (CVE-2018-7260).
    Bug: https://bugs.gentoo.org/648330
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 dev-db/phpmyadmin/Manifest                |  1 +
 dev-db/phpmyadmin/phpmyadmin-4.7.8.ebuild | 61 +++++++++++++++++++++++++++++++
 2 files changed, 62 insertions(+)
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2018-02-21 15:16:30 UTC
@Arches please test and mark stable
Comment 4 Agostino Sarubbo gentoo-dev 2018-02-22 12:04:29 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2018-02-25 18:23:36 UTC
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2018-03-05 17:14:48 UTC
Stable on alpha.
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2018-04-07 20:48:07 UTC
ppc64 stable
Comment 8 Matt Turner gentoo-dev 2018-04-22 20:45:01 UTC
hppa stable keywords dropped
Comment 9 Rolf Eike Beer archtester 2018-09-19 16:18:17 UTC
sparc done.
Comment 10 ernsteiswuerfel archtester 2018-10-07 22:55:44 UTC
Looking good on ppc.

# cat phpmyadmin-648330.report 
USE tests started on Mo 8. Okt 00:17:14 CEST 2018

FEATURES=' test' USE='' succeeded for =dev-db/phpmyadmin-4.7.8
USE='-setup -vhosts' succeeded for =dev-db/phpmyadmin-4.7.8
USE='setup -vhosts' succeeded for =dev-db/phpmyadmin-4.7.8
USE='-setup vhosts' succeeded for =dev-db/phpmyadmin-4.7.8
USE='setup vhosts' succeeded for =dev-db/phpmyadmin-4.7.8