[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 7c290f83461799b801e255f82bffee0298d84bd4

Michal Čihař nijel at users.sourceforge.net
Wed Sep 8 10:20:19 CEST 2010


The branch, master has been updated
       via  7c290f83461799b801e255f82bffee0298d84bd4 (commit)
       via  2e71cc6795e8da72c6e98f333f483c9a5b3273f7 (commit)
      from  ce0ca9b4ffa03b4211ebbbc50036b441b1aa62d4 (commit)


- Log -----------------------------------------------------------------
commit 7c290f83461799b801e255f82bffee0298d84bd4
Author: Michal Čihař <mcihar at novell.com>
Date:   Wed Sep 8 10:19:48 2010 +0200

    Add security announcement.

commit 2e71cc6795e8da72c6e98f333f483c9a5b3273f7
Author: Michal Čihař <mcihar at novell.com>
Date:   Wed Sep 8 10:19:37 2010 +0200

    Ignore cache.

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                                        |    1 +
 templates/security/{PMASA-2010-6 => PMASA-2010-7} |   23 +++++++-------------
 2 files changed, 9 insertions(+), 15 deletions(-)
 copy templates/security/{PMASA-2010-6 => PMASA-2010-7} (55%)

diff --git a/.gitignore b/.gitignore
index 5c5490b..3009793 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 *.pyc
 *.swp
 output
+cache
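Review bot: the new `cache` pattern is unanchored, so it ignores any file or directory named cache at any depth of the tree, not only the generated one at the repository root. If only the top-level build cache is meant, `/cache/` states that precisely and keeps a future source directory called cache from being silently untracked.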
diff --git a/templates/security/PMASA-2010-6 b/templates/security/PMASA-2010-7
similarity index 55%
copy from templates/security/PMASA-2010-6
copy to templates/security/PMASA-2010-7
index 6db9c7e..cd27dc8 100644
--- a/templates/security/PMASA-2010-6
+++ b/templates/security/PMASA-2010-7
@@ -1,25 +1,19 @@
 <html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
 
 <py:def function="announcement_id">
-PMASA-2010-6
+PMASA-2010-7
 </py:def>
 
 <py:def function="announcement_date">
-2010-08-30
+2010-09-08
 </py:def>
 
 <py:def function="announcement_summary">
-XSS attack using debugging messages.
+XSS attack on setup script.
 </py:def>
 
 <py:def function="announcement_description">
-It was possible to conduct a XSS attack using error messages in PHP backtrace.
-</py:def>
-
-<py:def function="announcement_mitigation">
-Additional steps from administrator are required to actually exploit this
-issue (phpMyAdmin error reporting and collection needs to be enabled, what 
-is against recommendation for production setup).
+It was possible to conduct a XSS attack using spoofed request to setup script.
 </py:def>
 
 <py:def function="announcement_severity">
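Review bot: the `announcement_mitigation` block is deleted rather than rewritten, so PMASA-2010-7 will publish with no mitigating-factors section at all. If the setup script issue has a precondition or a workaround for administrators who cannot upgrade immediately, keep the block and state it; if there is none, confirm that `_page.tpl` renders correctly when that function is not defined. The new description ("using spoofed request to setup script") also gives readers less to act on than the text it replaces, so a sentence on what condition makes the request exploitable would help administrators judge their exposure.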
@@ -27,7 +21,7 @@ We consider this vulnerability to be non critical.
 </py:def>
 
 <py:def function="announcement_affected">
-For 3.x: versions before 3.3.6 are affected.
+For 3.x: versions before 3.3.7 are affected.
 </py:def>
 
 <py:def function="announcement_unaffected">
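Review bot: only the version number changes in this hunk, while the severity text in the hunk header ("We consider this vulnerability to be non critical.") is inherited verbatim from the PMASA-2010-6 copy, as is the 2.11.x statement under `announcement_unaffected`. Confirm both were re-assessed for the setup script issue rather than carried over by the copy, since this file describes a different attack surface from the debugging-message XSS it was cloned from.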
@@ -35,18 +29,17 @@ Branch 2.11.x is not affected by this.
 </py:def>
 
 <py:def function="announcement_solution">
-Upgrade to phpMyAdmin 3.3.6 or newer or apply patch listed below.
+Upgrade to phpMyAdmin 3.3.7 or newer or apply patch listed below.
 </py:def>
 
 <py:def function="announcement_references">
-Thanks to Aung Khant from <a href="http://yehg.net">YGN Ethical Hacker Group,
-Myanmar</a> for reporting this issue.
+Thanks to <a href="http://tenable.com/">Tenable Network Security</a> for reporting this issue.
 </py:def>
 
 <py:def function="announcement_cve">CVE-2010-2958</py:def>
 
 <py:def function="announcement_commits">
-133a77fac7d31a38703db2099a90c1b49de62e37
+73ce5705bd1e0b62060f75702d62f88247ce09dd
 </py:def>
 
 <xi:include href="_page.tpl" />
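Review bot: `announcement_cve` is an unchanged context line here, so PMASA-2010-7 ships with the same CVE-2010-2958 that PMASA-2010-6 carried, even though the summary, reporter and fix commit were all replaced. Confirm that this id really covers the setup script issue; if a separate id has been assigned or is still pending, update or empty the field before publishing, because downstream trackers and scanners key on it and a reused id would make the two advisories indistinguishable to them.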


hooks/post-receive
-- 
phpMyAdmin website



