The branch, master has been updated
       via  ed7fc69cfb5cfea1ed3086a303672813108ac474 (commit)
      from  edf479236124f733e845988fcdfaf64aada325fe (commit)

- Log -----------------------------------------------------------------
commit ed7fc69cfb5cfea1ed3086a303672813108ac474
Author: Marc Delisle marc@infomarc.info
Date:   Mon Jul 25 12:44:14 2011 -0400

Update for PMASA-2011-12
-----------------------------------------------------------------------
Summary of changes:
 templates/security/PMASA-2011-12 |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/templates/security/PMASA-2011-12 b/templates/security/PMASA-2011-12 index ed27796..7405881 100644 --- a/templates/security/PMASA-2011-12 +++ b/templates/security/PMASA-2011-12 @@ -11,16 +11,16 @@ PMASA-2011-12 </py:def>
<py:def function="announcement_updated"> -2011-07-24 +2011-07-25 </py:def>
<py:def function="announcement_summary"> -Possible session manipulation in swekey authentication. +Possible superglobal and local variables manipulation in swekey authentication. </py:def>
<py:def function="announcement_description"> -It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. -This is very similar to PMASA-2011-5. +It was possible to manipulate the PHP superglobals (including SESSION) using some of the Swekey authentication code. Also, variables local to the affected Swekey function were at risk. +This is similar to PMASA-2011-5. </py:def>
<py:def function="announcement_severity"> @@ -28,6 +28,7 @@ We consider this vulnerability to be critical. </py:def>
<py:def function="announcement_mitigation"> +The Swekey authentication mechanism must be activated (which is not a requirement in the case of PMASA-2011-5). </py:def>
<py:def function="announcement_affected">
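Review bot: in the first hunk (@@ -11,16 +11,16 @@), the new announcement_description sentence "Also, variables local to the affected Swekey function were at risk." names neither the function nor what "at risk" means. The summary already uses the word "manipulation", so the description should say what could be done to those local variables, and name the function if that can be disclosed. In the same hunk, "(including SESSION)" would be clearer written as $_SESSION, and the summary line would read better as "Possible manipulation of superglobals and local variables in swekey authentication."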
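Review bot: in the second hunk (@@ -28,6 +28,7 @@), the line added under announcement_mitigation, "The Swekey authentication mechanism must be activated (which is not a requirement in the case of PMASA-2011-5).", can be read as an instruction to turn Swekey on rather than as a precondition for the issue. If the intent is a limiting factor, word it as one, for example "This issue only applies when the Swekey authentication mechanism is activated", and keep the comparison with PMASA-2011-5. The context line in this hunk still reads "We consider this vulnerability to be critical."; it is worth confirming that the severity statement still holds now that the advisory states this precondition.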
hooks/post-receive