[Phpmyadmin-devel] Re: Security announcements
michal at cihar.com
Thu Nov 24 00:11:07 CET 2005
On Thu 24. 11. 2005 08:19, Marc Delisle wrote:
> Michal Čihař a écrit :
> > On Wed 23. 11. 2005 22:51, Marc Delisle wrote:
> >>I counted 2 others, so I issued an alert for those 3 problems.
> > We should also handle in same announcement the new one I sent
> > recently. It looks to me like it is still not fixed...
> The one from debian? I think you fixed it with
> * libraries/.htaccess: Deny access to libraries folder over HTTP.
This doesn't allow us to ignore holes in libraries and will be in 2.7.1,
so 2.7.0 is still affected. I'll include that patch.
> But I would put it in a new announcement, along with the one
> concerning HTTP_HOST, since they are both fixed in 2.7.0.
> >>Regarding the new one you just fixed, was it present in 2.6.4?
> > You mean the HTTP_HOST issue? Yes it is, related code is commented
> > to be from 2001/25/11...
> Instead of a backport to QA_2_6_4, I suggest to wait for 2.7.0's
> release for an announcement.
Okay for me.
Michal Čihař | http://cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
More information about the Developers