[Phpmyadmin-devel] Re: Security announcements

Michal Čihař michal at cihar.com
Thu Nov 24 00:11:07 CET 2005


Hi

On Thu 24. 11. 2005 08:19, Marc Delisle wrote:
> Michal Čihař wrote:
> > On Wed 23. 11. 2005 22:51, Marc Delisle wrote:
> >>I counted 2 others, so I issued an alert for those 3 problems.
> >
> > We should also handle in the same announcement the new one I sent
> > recently. It looks to me like it is still not fixed...
>
> The one from Debian? I think you fixed it with
> * libraries/.htaccess: Deny access to libraries folder over HTTP.

This doesn't allow us to ignore holes in libraries and will be in 2.7.1, 
so 2.7.0 is still affected. I'll include that patch.

> But I would put it in a new announcement, along with the one
> concerning HTTP_HOST, since they are both fixed in 2.7.0.
>
> >>Regarding the new one you just fixed, was it present in 2.6.4?
> >
> > You mean the HTTP_HOST issue? Yes it is, related code is commented
> > to be from 2001/25/11...
>
> Instead of a backport to QA_2_6_4, I suggest waiting for 2.7.0's
> release for an announcement.

Okay for me.

-- 
    Michal Čihař | http://cihar.com