The branch, master has been updated
via cbcceee4553b04209c53e6f0470f7c653fa4496e (commit)
via d02c2862658b606340faa7c663d7aa6260a9e959 (commit)
from c9b42a3a8dd42964d47c075822ca0d4023aace30 (commit)
- Log -----------------------------------------------------------------
commit cbcceee4553b04209c53e6f0470f7c653fa4496e
Merge: d02c2862658b606340faa7c663d7aa6260a9e959 c9b42a3a8dd42964d47c075822ca0d4023aace30
Author: Marc Delisle <marc(a)infomarc.info>
Date: Tue Feb 8 10:12:51 2011 -0500
Merge branch 'master' of
ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/website
commit d02c2862658b606340faa7c663d7aa6260a9e959
Author: Marc Delisle <marc(a)infomarc.info>
Date: Tue Feb 8 10:12:16 2011 -0500
New SA
-----------------------------------------------------------------------
Summary of changes:
templates/security/PMASA-2011-1 | 53 +++++++++++++++++++++++++++++++++++++++
1 files changed, 53 insertions(+), 0 deletions(-)
create mode 100644 templates/security/PMASA-2011-1
diff --git a/templates/security/PMASA-2011-1 b/templates/security/PMASA-2011-1
new file mode 100644
index 0000000..015ec6b
--- /dev/null
+++ b/templates/security/PMASA-2011-1
@@ -0,0 +1,53 @@
+<html
xmlns:py="http://genshi.edgewall.org/"
xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-1
+</py:def>
+
+<py:def function="announcement_date">
+2011-02-08
+</py:def>
+
+<py:def function="announcement_summary">
+Path disclosure when some files have been removed
+</py:def>
+
+<py:def function="announcement_description">
+When the files README, ChangeLog or LICENSE have been removed from their
+original place (possibly by the distributor), the scripts used to display
+these files can show their full path, leading to possible further attacks.
+</py:def>
+
+<py:def function="announcement_mitigation">
+For the error messages to be displayed, php.ini's error_reporting must be set
+to E_ALL and display_errors must be On (these settings are not recommended
+on a production server in the PHP manual).
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+The 2.11.x and 3.3.x versions are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.9.1 or newer (2.11.11.2 or newer for the older
+family) or apply the related patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to MustLive from <a
href="http://websecurity.com.ua">Websecurity</a>
+ for reporting this issue.
+</py:def>
+
+<py:def function="announcement_cve">CVE-xxxx-xxxx</py:def>
+
+<py:def function="announcement_cwe">661 200</py:def>
+
+<py:def function="announcement_commits">
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
hooks/post-receive
--
phpMyAdmin website