The branch, master has been updated
       via  bcbcfd5e66c112a8e8a48fc873a18c22864d5dc2 (commit)
      from  4879bee1c7309200dbccffcce54e540b1ecf5965 (commit)

- Log -----------------------------------------------------------------
commit bcbcfd5e66c112a8e8a48fc873a18c22864d5dc2
Author: Michal Čihař mcihar@novell.com
Date: Mon Aug 30 17:52:22 2010 +0200

Add PMASA-2010-6 for 3.3.6.
-----------------------------------------------------------------------
Summary of changes:
 templates/security/PMASA-2010-6 | 53 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2010-6

diff --git a/templates/security/PMASA-2010-6 b/templates/security/PMASA-2010-6 new file mode 100644 index 0000000..235c977 --- /dev/null +++ b/templates/security/PMASA-2010-6 @@ -0,0 +1,53 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2010-6 +</py:def> + +<py:def function="announcement_date"> +2010-08-30 +</py:def> + +<py:def function="announcement_summary"> +XSS attack using debugging messages. +</py:def> + +<py:def function="announcement_description"> +It was possible to conduct a XSS attack using error messages in PHP backtrace. +</py:def> + +<py:def function="announcement_mitigation"> +Additional steps from administrator are required to actually exploit this +issue (phpMyAdmin error reporting and collection needs to be enabled, what +is against recommendation for production setup). +</py:def> + +<py:def function="announcement_severity"> +We consider this vulnerability to be non critical. +</py:def> + +<py:def function="announcement_affected"> +For 3.x: versions before 3.3.6 are affected. +</py:def> + +<py:def function="announcement_unaffected"> +Branch 2.11.x is not affected by this. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.3.6 or newer or apply patch listed below. +</py:def> + +<py:def function="announcement_references"> +Thanks to Aung Khant from <a href="http://yehg.net">YGN Ethical Hacker Group, +Myanmar</a> for reporting this issue. +</py:def> + +<py:def function="announcement_cve">CVE-2010-3056</py:def> + +<py:def function="announcement_commits"> +133a77fac7d31a38703db2099a90c1b49de62e37 +</py:def> + +<xi:include href="_page.tpl" /> +</html>
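
Review bot: announcement_mitigation says exploitation requires that "phpMyAdmin error reporting and collection needs to be enabled" but never names the setting, so an administrator cannot tell from the advisory whether a given install is exposed; name the configuration option there and state the value recommended for production. The same block reads "what is against recommendation for production setup", which should be "which is against the recommendation for production setups", and announcement_description should say "an XSS attack". announcement_solution points to a "patch listed below" while announcement_commits holds only the bare hash 133a77fac7d31a38703db2099a90c1b49de62e37; confirm that the included _page.tpl renders it as a link, otherwise readers cannot reach the patch from the advisory.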
hooks/post-receive