[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. bcbcfd5e66c112a8e8a48fc873a18c22864d5dc2

Michal Čihař nijel at users.sourceforge.net
Mon Aug 30 17:53:04 CEST 2010


The branch, master has been updated
       via  bcbcfd5e66c112a8e8a48fc873a18c22864d5dc2 (commit)
      from  4879bee1c7309200dbccffcce54e540b1ecf5965 (commit)


- Log -----------------------------------------------------------------
commit bcbcfd5e66c112a8e8a48fc873a18c22864d5dc2
Author: Michal Čihař <mcihar at novell.com>
Date:   Mon Aug 30 17:52:22 2010 +0200

    Add PMASA-2010-6 for 3.3.6.

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2010-6 |   53 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2010-6

diff --git a/templates/security/PMASA-2010-6 b/templates/security/PMASA-2010-6
new file mode 100644
index 0000000..235c977
--- /dev/null
+++ b/templates/security/PMASA-2010-6
@@ -0,0 +1,53 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2010-6
+</py:def>
+
+<py:def function="announcement_date">
+2010-08-30
+</py:def>
+
+<py:def function="announcement_summary">
+XSS attack using debugging messages.
+</py:def>
+
+<py:def function="announcement_description">
+It was possible to conduct a XSS attack using error messages in PHP backtrace.
+</py:def>
+
+<py:def function="announcement_mitigation">
+Additional steps from administrator are required to actually exploit this
+issue (phpMyAdmin error reporting and collection needs to be enabled, what 
+is against recommendation for production setup).
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+For 3.x: versions before 3.3.6 are affected.
+</py:def>
+
+<py:def function="announcement_unaffected">
+Branch 2.11.x is not affected by this.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.6 or newer or apply patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to Aung Khant from <a href="http://yehg.net">YGN Ethical Hacker Group,
+Myanmar</a> for reporting this issue.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2010-3056</py:def>
+
+<py:def function="announcement_commits">
+133a77fac7d31a38703db2099a90c1b49de62e37
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
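Review bot: In the announcement_mitigation block, "what is against recommendation for production setup" is ungrammatical and the line ending in "what " carries trailing whitespace; suggest "which is against the recommendation for production setups". The same block says error reporting and collection must be enabled but does not name the configuration setting involved, so an administrator reading the advisory cannot check their own exposure from this text alone; naming the setting here would make the mitigating factor actionable. In announcement_description, "a XSS attack" should read "an XSS attack", and the sentence would be more useful if it said where the backtrace error messages are rendered. Minor style point: announcement_cve is written on a single line while every other py:def in the file puts its content on its own line.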


hooks/post-receive
-- 
phpMyAdmin website



