The branch, master has been updated via cbcceee4553b04209c53e6f0470f7c653fa4496e (commit) via d02c2862658b606340faa7c663d7aa6260a9e959 (commit) from c9b42a3a8dd42964d47c075822ca0d4023aace30 (commit) - Log ----------------------------------------------------------------- commit cbcceee4553b04209c53e6f0470f7c653fa4496e Merge: d02c2862658b606340faa7c663d7aa6260a9e959 c9b42a3a8dd42964d47c075822ca0d4023aace30 Author: Marc Delisle <marc@infomarc.info> Date: Tue Feb 8 10:12:51 2011 -0500 Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/website commit d02c2862658b606340faa7c663d7aa6260a9e959 Author: Marc Delisle <marc@infomarc.info> Date: Tue Feb 8 10:12:16 2011 -0500 New SA ----------------------------------------------------------------------- Summary of changes: templates/security/PMASA-2011-1 | 53 +++++++++++++++++++++++++++++++++++++++ 1 files changed, 53 insertions(+), 0 deletions(-) create mode 100644 templates/security/PMASA-2011-1 diff --git a/templates/security/PMASA-2011-1 b/templates/security/PMASA-2011-1 new file mode 100644 index 0000000..015ec6b --- /dev/null +++ b/templates/security/PMASA-2011-1 @@ -0,0 +1,53 @@ +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + +<py:def function="announcement_id"> +PMASA-2011-1 +</py:def> + +<py:def function="announcement_date"> +2011-02-08 +</py:def> + +<py:def function="announcement_summary"> +Path disclosure when some files have been removed +</py:def> + +<py:def function="announcement_description"> +When the files README, ChangeLog or LICENSE have been removed from their +original place (possibly by the distributor), the scripts used to display +these files can show their full path, leading to possible further attacks. +</py:def> + +<py:def function="announcement_mitigation"> +For the error messages to be displayed, php.ini's error_reporting must be set +to E_ALL and display_errors must be On (these settings are not recommended +on a production server in the PHP manual). +</py:def> + +<py:def function="announcement_severity"> +We consider this vulnerability to be non critical. +</py:def> + +<py:def function="announcement_affected"> +The 2.11.x and 3.3.x versions are affected. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.3.9.1 or newer (2.11.11.2 or newer for the older +family) or apply the related patch listed below. +</py:def> + +<py:def function="announcement_references"> +Thanks to MustLive from <a href="http://websecurity.com.ua">Websecurity</a> + for reporting this issue. +</py:def> + +<py:def function="announcement_cve">CVE-xxxx-xxxx</py:def> + +<py:def function="announcement_cwe">661 200</py:def> + +<py:def function="announcement_commits"> +</py:def> + +<xi:include href="_page.tpl" /> +</html> hooks/post-receive -- phpMyAdmin website