Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 715660 (CVE-2020-11441) - <dev-db/phpmyadmin-4.9.5: CRLF injection (CVE-2020-11441)
Summary: <dev-db/phpmyadmin-4.9.5: CRLF injection (CVE-2020-11441)
Status: RESOLVED FIXED
Alias: CVE-2020-11441
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: https://github.com/phpmyadmin/phpmyad...
Whiteboard: B4 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-03-31 18:09 UTC by Sam James
Modified: 2020-05-14 21:23 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester gentoo-dev Security 2020-03-31 18:09:44 UTC
Description:
"phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page."
Comment 1 Larry the Git Cow gentoo-dev 2020-04-15 23:56:28 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad

commit d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-04-15 23:55:49 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-04-15 23:56:15 +0000

    dev-db/phpmyadmin: Drop vulnerable release.
    
    Bug: https://bugs.gentoo.org/714014
    Bug: https://bugs.gentoo.org/715660
    Bug: https://bugs.gentoo.org/717630
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest                |  1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.2.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)
Comment 2 Sam James archtester gentoo-dev Security 2020-05-14 21:23:47 UTC
All done, thanks!