The branch, master has been updated via eba8989fad267c75cf0921aab77bbb038dca3fc2 (commit) from 1dba678617085aed739e65fad249327c4290680e (commit) - Log ----------------------------------------------------------------- commit eba8989fad267c75cf0921aab77bbb038dca3fc2 Author: Marc Delisle <marc@infomarc.info> Date: Mon Nov 29 12:53:44 2010 -0500 PMASA-2010-8 ----------------------------------------------------------------------- Summary of changes: templates/security/{PMASA-2010-7 => PMASA-2010-8} | 23 +++++++++----------- 1 files changed, 10 insertions(+), 13 deletions(-) copy templates/security/{PMASA-2010-7 => PMASA-2010-8} (54%) diff --git a/templates/security/PMASA-2010-7 b/templates/security/PMASA-2010-8 similarity index 54% copy from templates/security/PMASA-2010-7 copy to templates/security/PMASA-2010-8 index 105dcf5..29bd1a1 100644 --- a/templates/security/PMASA-2010-7 +++ b/templates/security/PMASA-2010-8 @@ -1,19 +1,19 @@ <html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> <py:def function="announcement_id"> -PMASA-2010-7 +PMASA-2010-8 </py:def> <py:def function="announcement_date"> -2010-09-08 +2010-11-29 </py:def> <py:def function="announcement_summary"> -XSS attack on setup script. +XSS attack in database search. </py:def> <py:def function="announcement_description"> -It was possible to conduct a XSS attack using spoofed request to setup script. +It was possible to conduct a XSS attack using spoofed request on the db search script. </py:def> <py:def function="announcement_severity"> @@ -21,25 +21,22 @@ We consider this vulnerability to be non critical. </py:def> <py:def function="announcement_affected"> -For 3.x: versions before 3.3.7 are affected. -</py:def> - -<py:def function="announcement_unaffected"> -Branch 2.11.x is not affected by this. +For 3.x: versions before 3.3.8.1 are affected. For 2.11.x: versions before 2.11.11.1 are affected. </py:def> <py:def function="announcement_solution"> -Upgrade to phpMyAdmin 3.3.7 or newer or apply patch listed below. +Upgrade to phpMyAdmin 3.3.8.1 or newer, or 2.11.11.1 if using the 2.11.x family. You can also apply the patch listed below. </py:def> <py:def function="announcement_references"> -Thanks to <a href="http://tenable.com/">Tenable Network Security</a> for reporting this issue. +Thanks to Alexander Opitz for reporting this issue. </py:def> -<py:def function="announcement_cve">CVE-2010-3263</py:def> +<py:def function="announcement_cve">CVE-2010-4329</py:def> <py:def function="announcement_commits"> -73ce5705bd1e0b62060f75702d62f88247ce09dd +4341818d73d454451f024950a4ce0141608ac7f8 +e1f4901ffc400b6d2df15eac0ba5015fe48a27c4 </py:def> <xi:include href="_page.tpl" /> hooks/post-receive -- phpMyAdmin website