The branch, master has been updated via e3596488cc4eed5e8a8d89a66b115bc74fe8d79b (commit) from ebcfdbdef73254b04ee4f557cba36df87b43b026 (commit)
- Log ----------------------------------------------------------------- commit e3596488cc4eed5e8a8d89a66b115bc74fe8d79b Author: Marc Delisle marc@infomarc.info Date: Fri Jul 8 17:18:39 2011 -0400
Revert "New advisories"
This reverts commit d79dc1d237de4c3246745c269376db7b99a9d1cb.
These should not have been published yet.
-----------------------------------------------------------------------
Summary of changes: templates/security/PMASA-2011-10 | 52 ------------------------------------ templates/security/PMASA-2011-9 | 54 -------------------------------------- 2 files changed, 0 insertions(+), 106 deletions(-) delete mode 100644 templates/security/PMASA-2011-10 delete mode 100644 templates/security/PMASA-2011-9
diff --git a/templates/security/PMASA-2011-10 b/templates/security/PMASA-2011-10 deleted file mode 100644 index 77c3148..0000000 --- a/templates/security/PMASA-2011-10 +++ /dev/null @@ -1,52 +0,0 @@ -<!--! Template for security announcement --> -<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> - - -<py:def function="announcement_id"> -PMASA-2011-10 -</py:def> - -<py:def function="announcement_date"> -2011-07-XX -</py:def> - -<py:def function="announcement_summary"> -Local file inclusion. -</py:def> - -<py:def function="announcement_description"> -Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion. -</py:def> - -<py:def function="announcement_severity"> -We consider this vulnerability to be serious. -</py:def> - -<py:def function="announcement_mitigation"> -The phpMyAdmin's configuration storage mechanism must be configured for this attack to work. -</py:def> - -<py:def function="announcement_affected"> -Versions 3.4.0 to 3.4.3.1 are affected. -</py:def> - -<py:def function="announcement_solution"> -Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below. -</py:def> - -<!--! Links to reporter etc, do not forget to escape & to & --> -<py:def function="announcement_references"> -This issue was found by Norman Hippert from <a href="http://www.the-wildcat.de/">The-Wildcat.de</a> -</py:def> - -<!--! CVE ID of the report, this is automatically added to references --> -<py:def function="announcement_cve">CVE-2011-XXXX</py:def> - -<py:def function="announcement_cwe">661 98</py:def> - -<py:def function="announcement_commits"> -f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c -</py:def> - -<xi:include href="_page.tpl" /> -</html> diff --git a/templates/security/PMASA-2011-9 b/templates/security/PMASA-2011-9 deleted file mode 100644 index e34d305..0000000 --- a/templates/security/PMASA-2011-9 +++ /dev/null @@ -1,54 +0,0 @@ -<!--! Template for security announcement --> -<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> - - -<py:def function="announcement_id"> -PMASA-2011-9 -</py:def> - -<py:def function="announcement_date"> -2011-07-XX -</py:def> - -<py:def function="announcement_summary"> -XSS in table Print view. -</py:def> - -<py:def function="announcement_description"> -The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code). -</py:def> - -<py:def function="announcement_severity"> -We consider this vulnerability to be minor. -</py:def> - -<py:def function="announcement_mitigation"> -The crafted table name must exist (the attacker must have access to create a table on the victim's server). -</py:def> - -<py:def function="announcement_affected"> -The 3.4.3.1 and earlier versions are affected. -</py:def> - -<py:def function="announcement_solution"> -Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below. -</py:def> - -<!--! Links to reporter etc, do not forget to escape & to & --> -<py:def function="announcement_references"> -This issue was found by Norman Hippert from <a href="http://www.the-wildcat.de/">The-Wildcat.de</a> -</py:def> - -<!--! CVE ID of the report, this is automatically added to references --> -<py:def function="announcement_cve">CVE-2011-XXXX</py:def> - -<py:def function="announcement_cwe">661 79</py:def> - -<py:def function="announcement_commits"> -a0823be05aa5835f207c0838b9cca67d2d9a050a -4bd27166c314faa37cada91533b86377f4d4d214 - -</py:def> - -<xi:include href="_page.tpl" /> -</html>
hooks/post-receive