The branch, master has been updated via 70b2a9718589eb4b040a5ac67de91fceff4930e8 (commit) via b485ad1a022e5128e8f37c0384fbfb12b4553439 (commit) via 4fc90d8c6a9af036c8bb564faa15be1cae661284 (commit) via 950c4c98010ad59331351dfb4659fc106be2b62d (commit) via b9affc5b9701f68d168b0ee7feafb1cc67ccbee5 (commit) via c53a6a1d961f3819f0d1fc9890496a7986a482b4 (commit) via 924e97227865eb5e6666238096b675e986d9d4c5 (commit) via 7da34555f1d66de6b6e7d018b364fd6bc59eb5fc (commit) via 873a3c8bcca541b79e33f825791658f7ead7651f (commit) via 6b8c417c12222232369120ddd757324d51c3fb27 (commit) via f6b86afaec1d5c8ad7483451a45b89cdbf34ad4e (commit) via e8642202b392f4ac20c5f8b2108d8046b42cad15 (commit) via 5c69648b526ff22826018c4de8bb587d4159d663 (commit) via 9ec98517f2b7c602f605c3c9a2ce3f7b2979fbb6 (commit) from 1e1ed41354c775cbe25e3b708c549c78e4bf3b95 (commit) - Log ----------------------------------------------------------------- commit 70b2a9718589eb4b040a5ac67de91fceff4930e8 Author: Marc Delisle <marc@infomarc.info> Date: Sat Jul 2 21:47:39 2011 -0400 Announcements date commit b485ad1a022e5128e8f37c0384fbfb12b4553439 Merge: 1e1ed41354c775cbe25e3b708c549c78e4bf3b95 4fc90d8c6a9af036c8bb564faa15be1cae661284 Author: Marc Delisle <marc@infomarc.info> Date: Sat Jul 2 21:43:16 2011 -0400 Merge remote branch 'security/website-security' commit 4fc90d8c6a9af036c8bb564faa15be1cae661284 Author: Herman van Rink <rink@initfour.nl> Date: Sat Jul 2 23:23:49 2011 +0200 Lowered PMASA-2011-6 to non critical commit 950c4c98010ad59331351dfb4659fc106be2b62d Author: Herman van Rink <rink@initfour.nl> Date: Sat Jul 2 23:13:40 2011 +0200 Raised to critical commit b9affc5b9701f68d168b0ee7feafb1cc67ccbee5 Author: Herman van Rink <rink@initfour.nl> Date: Sat Jul 2 23:13:20 2011 +0200 Added some CWE commit c53a6a1d961f3819f0d1fc9890496a7986a482b4 Author: Herman van Rink <rink@initfour.nl> Date: Sat Jul 2 22:56:38 2011 +0200 Split commit hashes for 3.3 into separate section with announcement_commits_3_3 commit 924e97227865eb5e6666238096b675e986d9d4c5 Author: Herman van Rink <rink@initfour.nl> Date: Sat Jul 2 22:52:21 2011 +0200 Added Frans Pehrson (Xxor AB) to announcement_references commit 7da34555f1d66de6b6e7d018b364fd6bc59eb5fc Author: Marc Delisle <marc@infomarc.info> Date: Thu Jun 30 17:00:07 2011 -0400 MIME should be spelt in caps commit 873a3c8bcca541b79e33f825791658f7ead7651f Author: Herman van Rink <rink@initfour.nl> Date: Thu Jun 30 22:32:56 2011 +0200 Added PMASA-2011-8 commit 6b8c417c12222232369120ddd757324d51c3fb27 Author: Herman van Rink <rink@initfour.nl> Date: Thu Jun 30 22:32:31 2011 +0200 typo fixes commit f6b86afaec1d5c8ad7483451a45b89cdbf34ad4e Author: Herman van Rink <rink@initfour.nl> Date: Thu Jun 30 22:38:08 2011 +0200 Added trailing period to announcement_summary fields commit e8642202b392f4ac20c5f8b2108d8046b42cad15 Author: Marc Delisle <marc@infomarc.info> Date: Thu Jun 30 15:16:22 2011 -0400 Typos fixed, clarifications added commit 5c69648b526ff22826018c4de8bb587d4159d663 Author: Herman van Rink <rink@initfour.nl> Date: Thu Jun 30 15:18:57 2011 +0200 Added PMASA-2011-6 and PMASA-2011-7 draft commit 9ec98517f2b7c602f605c3c9a2ce3f7b2979fbb6 Author: Herman van Rink <rink@initfour.nl> Date: Thu Jun 30 12:48:32 2011 +0200 PMASA-2011-5 draft ----------------------------------------------------------------------- Summary of changes: templates/security/{PMASA-2011-2 => PMASA-2011-5} | 33 ++++++------ templates/security/PMASA-2011-6 | 58 +++++++++++++++++++++ templates/security/{_PMASA_ => PMASA-2011-7} | 45 +++++----------- templates/security/{PMASA-2011-4 => PMASA-2011-8} | 26 +++++---- 4 files changed, 102 insertions(+), 60 deletions(-) copy templates/security/{PMASA-2011-2 => PMASA-2011-5} (51%) create mode 100644 templates/security/PMASA-2011-6 copy templates/security/{_PMASA_ => PMASA-2011-7} (50%) copy templates/security/{PMASA-2011-4 => PMASA-2011-8} (57%) diff --git a/templates/security/PMASA-2011-2 b/templates/security/PMASA-2011-5 similarity index 51% copy from templates/security/PMASA-2011-2 copy to templates/security/PMASA-2011-5 index 8dfca27..0661593 100644 --- a/templates/security/PMASA-2011-2 +++ b/templates/security/PMASA-2011-5 @@ -3,55 +3,54 @@ <py:def function="announcement_id"> -PMASA-2011-2 +PMASA-2011-5 </py:def> <py:def function="announcement_date"> -2011-02-11 +2011-07-02 </py:def> <py:def function="announcement_summary"> -SQL query could be executed under another user. +Possible session manipulation in Swekey authentication. </py:def> <py:def function="announcement_description"> -It was possible to create a bookmark which would be executed unintentionally by other users. +It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. +This could open a path for other attacks. </py:def> <py:def function="announcement_severity"> We consider this vulnerability to be critical. </py:def> -<py:def function="announcement_mitigation"> -To use this vulnerability, phpMyAdmin configuration storage needs to be -set up and enabled and bookmarks function needs to be enabled. +<py:def function="announcement_affected"> +The 3.4.3 and earlier versions are affected. </py:def> -<py:def function="announcement_affected"> -The 2.11.x and 3.3.x versions are affected. +<py:def function="announcement_unaffected"> +Branch 2.11.x is not affected by this. </py:def> <py:def function="announcement_solution"> -Upgrade to phpMyAdmin 3.3.9.2 or newer (2.11.11.3 or newer for the older -family) or apply the related patch listed below. +Upgrade to phpMyAdmin 3.3.10.2 or 3.4.3.1 or apply the related patch listed below. </py:def> <!--! Links to reporter etc, do not forget to escape & to & --> <py:def function="announcement_references"> -This issue was found by <a href="http://cihar.com/">Michal Čihař</a>. +This issue was found by Frans Pehrson from <a href="http://www.xxor.se">Xxor AB</a> </py:def> <!--! CVE ID of the report, this is automatically added to references --> -<py:def function="announcement_cve">CVE-2011-0987</py:def> +<py:def function="announcement_cve">CVE-2011-2505</py:def> -<py:def function="announcement_cwe">661 89</py:def> +<py:def function="announcement_cwe">661</py:def> <py:def function="announcement_commits"> -a5464b4daff0059cdf8c9e5f4d54a80e2dd2a5b0 +7ebd958b2bf59f96fecd5b3322bdbd0b244a7967 </py:def> -<py:def function="announcement_commits_2_11"> -2fa4c8d97a92ae0d4e2051d5d18a18688c31f84f +<py:def function="announcement_commits_3_3"> +6e6e129f26295c83d67b74e202628a4b8bc49e54 </py:def> <xi:include href="_page.tpl" /> diff --git a/templates/security/PMASA-2011-6 b/templates/security/PMASA-2011-6 new file mode 100644 index 0000000..2a258e5 --- /dev/null +++ b/templates/security/PMASA-2011-6 @@ -0,0 +1,58 @@ +<!--! Template for security announcement --> +<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip=""> + + +<py:def function="announcement_id"> +PMASA-2011-6 +</py:def> + +<py:def function="announcement_date"> +2011-07-02 +</py:def> + +<py:def function="announcement_summary"> +Possible code injection in setup script in case session variables are compromised. +</py:def> + +<py:def function="announcement_description"> +An unsanitized key from the Servers array is written in a comment of the generated config. +An attacker can modify this key by modifying the $_SESSION array. +This allows the attacker to close the comment and inject code. +</py:def> + +<py:def function="announcement_severity"> +We consider this vulnerability to be non critical. +</py:def> + +<py:def function="announcement_affected"> +The 3.4.3 and earlier versions are affected. +</py:def> + +<py:def function="announcement_unaffected"> +Branch 2.11.x is not affected by this. +</py:def> + +<py:def function="announcement_solution"> +Upgrade to phpMyAdmin 3.3.10.2 or 3.4.3.1 or apply the related patch listed below. +</py:def> + +<!--! Links to reporter etc, do not forget to escape & to & --> +<py:def function="announcement_references"> +This issue was found by Frans Pehrson from <a href="http://www.xxor.se">Xxor AB</a> +</py:def> + +<!--! CVE ID of the report, this is automatically added to references --> +<py:def function="announcement_cve">CVE-2011-2506</py:def> + +<py:def function="announcement_cwe">661 116</py:def> + +<py:def function="announcement_commits"> +0fbedaf5fd7a771d0885c6b7385d934fc90d0d7f +</py:def> + +<py:def function="announcement_commits_3_3"> +2e01647949df937040e73a94ce0bac0daecbdcf4 +</py:def> + +<xi:include href="_page.tpl" /> +</html> diff --git a/templates/security/_PMASA_ b/templates/security/PMASA-2011-7 similarity index 50% copy from templates/security/_PMASA_ copy to templates/security/PMASA-2011-7 index 42f4f53..6a1aeb6 100644 --- a/templates/security/_PMASA_ +++ b/templates/security/PMASA-2011-7 @@ -3,75 +3,58 @@ <py:def function="announcement_id"> -PMASA-2011-? +PMASA-2011-7 </py:def> <py:def function="announcement_date"> -2011-??-?? +2011-07-02 </py:def> -<!--! Optional section, use only if something has been changed -<py:def function="announcement_updated"> -2011-??-?? -</py:def> ---> - <py:def function="announcement_summary"> +Regular expression quoting issue in Synchronize code. </py:def> - -<!--! If you need to avoid toplevel <p></p>, use this: -<py:def function="announcement_description_fmt"> ---> <py:def function="announcement_description"> +Through a possible bug in PHP running on Windows systems a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code. </py:def> <py:def function="announcement_severity"> +We consider this vulnerability to be serious. </py:def> -<!--! Optional section <py:def function="announcement_mitigation"> +Only PHP running on Windows has been found to be vulnerable, Linux and OpenBSD are not affected. </py:def> ---> <py:def function="announcement_affected"> +The 3.4.3 and earlier versions are affected. </py:def> -<!--! Optional section <py:def function="announcement_unaffected"> +Branch 2.11.x is not affected by this. </py:def> ---> <py:def function="announcement_solution"> -Upgrade to phpMyAdmin ???? or newer or apply patch listed below. +Upgrade to phpMyAdmin 3.3.10.2 or 3.4.3.1 or apply the related patch listed below. </py:def> <!--! Links to reporter etc, do not forget to escape & to & --> <py:def function="announcement_references"> +This issue was found by Frans Pehrson from <a href="http://www.xxor.se">Xxor AB</a> </py:def> <!--! CVE ID of the report, this is automatically added to references --> -<py:def function="announcement_cve">CVE-201x-xxxx</py:def> +<py:def function="announcement_cve">CVE-2011-2507</py:def> -<!--! CWE IDs of the problem, CWE provides categorisation of the problems, -661 is "Weaknesses in Software Written in PHP" -See http://nvd.nist.gov/cwe.cfm for more information ---> <py:def function="announcement_cwe">661</py:def> -<!--! Links to SVN or tracker, do not forget to escape & to & --> -<py:def function="announcement_patches"> -</py:def> - -<!--! Optional section with list of commits fixing this, one per line <py:def function="announcement_commits"> +69fb0f8e7dc38075427aceaf09bcac697d0590ff </py:def> ---> -<!--! Optional section with list of commits fixing this for 2.11 branch, one per line -<py:def function="announcement_commits_2_11"> +<py:def function="announcement_commits_3_3"> +ca74f480f119a53ef07ca40d2ab28f063cc89ec9 </py:def> ---> <xi:include href="_page.tpl" /> </html> diff --git a/templates/security/PMASA-2011-4 b/templates/security/PMASA-2011-8 similarity index 57% copy from templates/security/PMASA-2011-4 copy to templates/security/PMASA-2011-8 index 8ea0026..8cd1be6 100644 --- a/templates/security/PMASA-2011-4 +++ b/templates/security/PMASA-2011-8 @@ -3,20 +3,19 @@ <py:def function="announcement_id"> -PMASA-2011-4 +PMASA-2011-8 </py:def> <py:def function="announcement_date"> -2011-05-22 +2011-07-02 </py:def> <py:def function="announcement_summary"> -URL redirection to untrusted site. +Possible directory traversal. </py:def> <py:def function="announcement_description"> -It was possible to redirect to an arbitrary, untrusted site, leading to -a possible phishing attack. +Fixed filtering of a file path in the MIME-type transformation code, which allowed for directory traversal. </py:def> <py:def function="announcement_severity"> @@ -24,26 +23,29 @@ We consider this vulnerability to be serious. </py:def> <py:def function="announcement_affected"> -The 3.4.0 version is affected. +The 3.4.3 and earlier versions are affected. </py:def> <py:def function="announcement_solution"> -Upgrade to phpMyAdmin 3.4.1 or apply the related patch listed below. +Upgrade to phpMyAdmin 3.3.10.2 or 3.4.3.1 or apply the related patch listed below. </py:def> <!--! Links to reporter etc, do not forget to escape & to & --> <py:def function="announcement_references"> -This issue was found by Kian Mohageri. +This issue was found by Frans Pehrson from <a href="http://www.xxor.se">Xxor AB</a> </py:def> <!--! CVE ID of the report, this is automatically added to references --> -<py:def function="announcement_cve">CVE-2011-1941</py:def> +<py:def function="announcement_cve">CVE-2011-2508</py:def> -<py:def function="announcement_cwe">661 601</py:def> +<py:def function="announcement_cwe">661 98</py:def> <py:def function="announcement_commits"> -b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f -ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d +b434320eff8ca9c2fc1b043c1804f868341af9a7 +</py:def> + +<py:def function="announcement_commits_3_3"> +5ee357a572866e730d83f56d6187a67c7c48e523 </py:def> <xi:include href="_page.tpl" /> hooks/post-receive -- phpMyAdmin website