[Phpmyadmin-devel] Re: Yet another XSS?
Michal Čihař
michal at cihar.com
Wed Nov 23 08:07:03 CET 2005
On Wed 23. 11. 2005 16:54, Marc Delisle wrote:
> Michal Čihař a écrit :
> > Hi all
> >
> > anyone working on this?
> >
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340438
>
> The Debian guy says that they believe it was fixed in 2.6.4-pl4.
Not in 2.6.4-pl4 but in 2.6.4-pl4-2 which includes patch attached to
that bug report. It probably (report is not yet public so it's only my
guess) is about:
http://pma/libraries/header_http.inc.php?GLOBALS[charset]=something_evil
What still works in HEAD.
--
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20051123/49e1b94b/attachment.sig>
More information about the Developers
mailing list