[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_4RC1-16975-g2e1d5ac

Marc Delisle lem9 at users.sourceforge.net
Wed Aug 24 18:40:31 CEST 2011


The branch, master has been updated
       via  2e1d5ac20a6245d50fcf09f4ba90eb6b7197a360 (commit)
      from  4d2521ac91d09697c3b2c209c962ebcbc093446d (commit)


- Log -----------------------------------------------------------------
commit 2e1d5ac20a6245d50fcf09f4ba90eb6b7197a360
Author: Marc Delisle <marc at infomarc.info>
Date:   Wed Aug 24 12:39:43 2011 -0400

    ChangeLog and 3.4.4 XSS fix

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 85e45ab..680d3fa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -59,7 +59,7 @@ phpMyAdmin - ChangeLog
 - [import] Remove native Excel import modules (xls and xlsx formats)
 - bug #3392920 [edit] BLOB emptied after editing another column
 
-3.4.4.0 (not yet released)
+3.4.4.0 (2011-08-24)
 - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes
 - bug #3323101 [parser] Invalid escape sequence in SQL parser
 - bug #3348995 [config] $cfg['Export']['asfile'] set to false does not select asText option
@@ -77,6 +77,7 @@ phpMyAdmin - ChangeLog
 - bug #3372807 [interface] Fix security warning link in setup
 - bug #3374347 [display] Backquotes in normal text on import page
 - bug #3358750 [core] With Suhosin, urls are too long in edit links
+- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
 
 3.4.3.2 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9


hooks/post-receive
-- 
phpMyAdmin




More information about the Git mailing list