[Phpmyadmin-devel] Re: Security announcements
Marc Delisle
Marc.Delisle at cegepsherbrooke.qc.ca
Wed Nov 23 23:20:01 CET 2005
Michal Čihař a écrit :
> On Wed 23. 11. 2005 22:51, Marc Delisle wrote:
>
>>I counted 2 others, so I issued an alert for those 3 problems.
>
>
> We should also handle in same announcement the new one I sent recently.
> It looks to me like it is still not fixed...
The one from debian? I think you fixed it with
* libraries/.htaccess: Deny access to libraries folder over HTTP.
But I would put it in a new announcement, along with the one concerning
HTTP_HOST, since they are both fixed in 2.7.0.
>
>
>>Regarding the new one you just fixed, was it present in 2.6.4?
>
>
> You mean the HTTP_HOST issue? Yes it is, related code is commented to be
> from 2001/25/11...
>
Instead of a backport to QA_2_6_4, I suggest to wait for 2.7.0's release for an
announcement.
Marc
More information about the Developers
mailing list