The branch, master has been updated
       via  1a56dd2e02918cef7485f37af0d0a190664f3374 (commit)
      from  fd6c4ccdbbf9d272dd8e5093f1c9c8981987cf70 (commit)

- Log -----------------------------------------------------------------
commit 1a56dd2e02918cef7485f37af0d0a190664f3374
Author: Marc Delisle marc@infomarc.info
Date:   Thu Nov 10 09:36:06 2011 -0500
PMASA-2011-17
-----------------------------------------------------------------------
Summary of changes:
 templates/security/PMASA-2011-17 | 60 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 60 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-17
diff --git a/templates/security/PMASA-2011-17 b/templates/security/PMASA-2011-17 new file mode 100644 index 0000000..9fc013c --- /dev/null +++ b/templates/security/PMASA-2011-17 @@ -0,0 +1,60 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2011-17 +</py:def> + +<py:def function="announcement_date"> +2011-11-10 +</py:def> + +<py:def function="announcement_summary"> +Local file inclusion. +</py:def> + +<py:def function="announcement_description"> +Importing a specially-crafted XML file which contains an XML entity injection +permits to retrieve a local file (limited by the privileges of the user +running the web server). +</py:def> + +<py:def function="announcement_mitigation"> +The attacker must be logged in to MySQL via phpMyAdmin. +</py:def> + +<py:def function="announcement_severity"> +We consider this vulnerability to be serious. +</py:def> + +<py:def function="announcement_affected"> +Versions 3.3.x and 3.4.x are affected. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) or apply the related patches listed below. +</py:def> + +<py:def function="announcement_references"> +Thanks to Jan Lieskovsky from the Red Hat Security Response Team who warned +the phpMyAdmin project that public disclosure of this problem has occurred. +</py:def> + +<py:def function="announcement_cve">CVE-2011-4107</py:def> + +<py:def function="announcement_cwe">661</py:def> + +<py:def function="announcement_commits_3_4"> +05f96b921a7e7dacd02be5ca61b2e7bdd014ee55 +34d99de000de9d15cfdf5e9cc8b7682d51110bbd +a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5 +</py:def> + +<py:def function="announcement_commits_3_3"> +75606e5f82280eb1a3817badf1b24d512a010b80 +1a89c8ecfd09ceace81fb11e488f12599c0e49b6 +2fbf631384fd8cded55f4500cb87b129442f9ed2 +5fa86b8e81565c15ddbc359e8f59ecd829a2b717 +</py:def> + +<xi:include href="_page.tpl" /> +</html>
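Review bot: the announcement_summary reads "Local file inclusion." but the announcement_description right below it describes an XML entity injection that "permits to retrieve a local file", which is disclosure of file contents rather than inclusion of a file into execution. I would reword the summary (for example "Local file disclosure via XML entity injection") so that readers triaging on the summary line do not misjudge the impact. Related: announcement_cwe carries only 661, the generic grouping for weaknesses in software written in PHP; adding 611 (improper restriction of XML external entity reference) would tie the advisory to the specific weakness the description names.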
hooks/post-receive