The branch, master has been updated
       via  0ba391899c7a615b296db5a615af5420fe39425e (commit)
      from  e82bd718d317feab97dc8e13e8a8d7d20fd9988d (commit)

- Log -----------------------------------------------------------------
commit 0ba391899c7a615b296db5a615af5420fe39425e
Author: Michal Čihař mcihar@novell.com
Date:   Sat Dec 11 20:44:03 2010 +0100

Announce security issues fixed in beta1
-----------------------------------------------------------------------
Summary of changes:
 templates/security/PMASA-2010-10 | 54 ++++++++++++++++++++++++++++++++++++++
 templates/security/PMASA-2010-9 | 49 ++++++++++++++++++++++++++++++++++
 2 files changed, 103 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2010-10
 create mode 100644 templates/security/PMASA-2010-9

diff --git a/templates/security/PMASA-2010-10 b/templates/security/PMASA-2010-10 new file mode 100644 index 0000000..bfa7c05 --- /dev/null +++ b/templates/security/PMASA-2010-10 @@ -0,0 +1,54 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2010-10 +</py:def> + +<py:def function="announcement_date"> +2010-12-07 +</py:def> + +<py:def function="announcement_summary"> +Possible information disclosure. +</py:def> + +<py:def function="announcement_description"> +Unauthenticated user was able to display phpinfo output if phpMyAdmin was +enabled to show it. +</py:def> + +<py:def function="announcement_severity"> +The issue is considered minor, because this feature is not enabled in default +installation. +</py:def> + +<py:def function="announcement_mitigation"> +Default installation is not affected, because $cfg['ShowPhpInfo'] is false by +default. +</py:def> + +<py:def function="announcement_affected"> +All versions prior to 3.4.0-beta1. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.4.0-beta1 or newer or apply patch listed below. +</py:def> + +<!--! Links to reporter etc, do not forget to escape & to & --> +<py:def function="announcement_references"> +This issue was reported by <a href="mailto:joerg@alea.gnuu.de">Jörg +Sommer</a>. +</py:def> + +<!--! CVE ID of the report, this is automatically added to references --> +<py:def function="announcement_cve">CVE-2010-4481</py:def> + +<py:def function="announcement_cwe">661 200</py:def> + +<py:def function="announcement_commits"> +4d9fd005671b05c4d74615d5939ed45e4d019e4c +</py:def> + +<xi:include href="_page.tpl" /> +</html> diff --git a/templates/security/PMASA-2010-9 b/templates/security/PMASA-2010-9 new file mode 100644 index 0000000..2a40a9f --- /dev/null +++ b/templates/security/PMASA-2010-9 
@@ -0,0 +1,49 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2010-9 +</py:def> + +<py:def function="announcement_date"> +2010-12-07 +</py:def> + +<py:def function="announcement_summary"> +Unvalidated input on error page. +</py:def> + +<py:def function="announcement_description"> +It was possible to display arbitrary text and link to external site using +parameters passed to particular script. +</py:def> + +<py:def function="announcement_severity"> +This issue is considered minor, because the only purpose of affected file is to +display an error message. +</py:def> + +<py:def function="announcement_affected"> +All versions prior to 3.4.0-beta1. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.4.0-beta1 or newer or apply patch listed below. +</py:def> + +<!--! Links to reporter etc, do not forget to escape & to & --> +<py:def function="announcement_references"> +This issue was reported by <a +href="http://www.exploit-db.com/exploits/15699/%22%3ETiger Security Team</a>. +</py:def> + +<!--! CVE ID of the report, this is automatically added to references --> +<py:def function="announcement_cve">CVE-2010-4480</py:def> + +<py:def function="announcement_cwe">661 20</py:def> + +<py:def function="announcement_commits"> +aa6fec0532a9dd48d4e35831c1b1c9785c124dd7 +</py:def> + +<xi:include href="_page.tpl" /> +</html>
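Review bot: in templates/security/PMASA-2010-10, announcement_mitigation restates the severity rationale instead of giving an action. An administrator who has enabled the feature gets no interim step from "Default installation is not affected, because $cfg['ShowPhpInfo'] is false by default."; suggest saying that setting $cfg['ShowPhpInfo'] back to false closes the exposure until the upgrade to 3.4.0-beta1 or the listed patch is applied. The description could also name the script that serves the phpinfo output, so the hash in announcement_commits can be matched to the affected file.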
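Review bot: in templates/security/PMASA-2010-9, the href in announcement_references is never closed as shown here. The line reads href="http://www.exploit-db.com/exploits/15699/%22%3ETiger Security Team</a>, so the closing quote and angle bracket appear percent-encoded inside the URL and the link text ends up in the attribute value; please check that the committed file has a plain "> after 15699/ before this goes through the template engine. Separately, the description only says "particular script" and, unlike PMASA-2010-10, there is no announcement_mitigation block; naming the affected file and stating whether any mitigation exists short of upgrading would make the advisory actionable.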
hooks/post-receive