[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. d40c9bc0416247535228171e444a965cbe397ff1

Marc Delisle lem9 at users.sourceforge.net
Wed Aug 24 19:00:51 CEST 2011


The branch, master has been updated
       via  d40c9bc0416247535228171e444a965cbe397ff1 (commit)
       via  ab196911515d052815ee854aeeab15b5c568915e (commit)
       via  025d903eef8b4ecff5e16e1dbbec005e0b2954f0 (commit)
       via  588779c08e94264c2a97db0f81420dd2b83514e2 (commit)
       via  8a77a964a8e1a8f663e0d704259cc1297f095bc0 (commit)
      from  a2dcd2803c51cf685016b95ce373ada53c2c0a99 (commit)


- Log -----------------------------------------------------------------
commit d40c9bc0416247535228171e444a965cbe397ff1
Merge: a2dcd28 ab19691
Author: Marc Delisle <marc at infomarc.info>
Date:   Wed Aug 24 12:59:27 2011 -0400

    Merge commit 'ab196911515d052815ee854aeeab15b5c568915e'

commit ab196911515d052815ee854aeeab15b5c568915e
Author: Marc Delisle <marc at infomarc.info>
Date:   Wed Aug 24 08:24:16 2011 -0400

    This PMASA is only about the Tracking issues

commit 025d903eef8b4ecff5e16e1dbbec005e0b2954f0
Author: Marc Delisle <marc at infomarc.info>
Date:   Sat Aug 20 07:59:02 2011 -0400

    Added reference to CVE-2011-3181

commit 588779c08e94264c2a97db0f81420dd2b83514e2
Author: Herman van Rink <rink at initfour.nl>
Date:   Fri Aug 19 12:02:52 2011 +0200

    updated PMASA-2011-13 to address Data Dictionary problem

commit 8a77a964a8e1a8f663e0d704259cc1297f095bc0
Author: Herman van Rink <rink at initfour.nl>
Date:   Fri Aug 19 11:35:51 2011 +0200

    updated PMASA-2011-13 from Marcs base

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-13 |   70 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 70 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-13

diff --git a/templates/security/PMASA-2011-13 b/templates/security/PMASA-2011-13
new file mode 100644
index 0000000..4219e00
--- /dev/null
+++ b/templates/security/PMASA-2011-13
@@ -0,0 +1,70 @@
+<!--! Template for security announcement -->
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+
+<py:def function="announcement_id">
+PMASA-2011-13
+</py:def>
+
+<py:def function="announcement_date">
+2011-08-24
+</py:def>
+
+<py:def function="announcement_summary">
+Multiple XSS in the Tracking feature.
+</py:def>
+
+<py:def function="announcement_description">
+Missing sanitization on the table, column and index names leads to XSS vulnerabilities.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be serious.
+</py:def>
+
+<py:def function="announcement_mitigation">
+An attacker must be logged in via phpMyAdmin to exploit this problem.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.3.0 to 3.4.3.2 are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.10.4 or 3.4.4 or apply the related patch listed below.
+</py:def>
+
+<!--! Links to reporter etc, do not forget to escape & to & -->
+<py:def function="announcement_references">
+This issue was found by Norman Hippert from <a href="http://www.the-wildcat.de/">The-Wildcat.de</a>.
+</py:def>
+
+<!--! CVE ID of the report, this is automatically added to references -->
+<py:def function="announcement_cve">CVE-2011-3181</py:def>
+
+<py:def function="announcement_cwe">661 98</py:def>
+
+<py:def function="announcement_commits">
+f00c57bdf3669d7471b30e6750f6762d2e01947b
+4e5c583dcfdd6307f1093f80a9e1d1ff0480cc7d
+c547703b1089bff62b238a908d8559ca3ad845f1
+b659fbeb128b3235738d6fd787cab096ddc3a591
+0f5f2d960184db7333ecf7d52da406cae306412b
+39edf6e1fbe4a39f6fec0919d60eca5dfc2708ff
+3d8fddceb0f084d4b77c58c48a98e002db6baa6a
+2b0d12b2deb1b6b5c4073ecaa7971cb0bbb83389
+ec848d825ffe896b96b6c3e4b8c7d4c12aadd310
+</py:def>
+
+<py:def function="announcement_commits_3_3">
+a5716cb3892f1714a97d8808cde9229ccc8752c8
+4e5c583dcfdd6307f1093f80a9e1d1ff0480cc7d
+ae20845e36e0e019715842c71eed9e4a9ff99223
+e11e55cb0689b4a6de5f0d996166668a47f96da9
+9d54e57fc8946db9b04666a93541871c80867fe7
+c78da1582799f35c8f12ca930062ea987a350282
+a6c8a8fe8ac03f4f36e5aaa7f7fb3bf0e11654f8
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
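Review bot: The announcement_cwe value "661 98" does not match the flaw the template describes. CWE-98 is PHP remote file inclusion (improper control of a filename in include/require), while announcement_summary and announcement_description report XSS from unsanitized table, column and index names, which is CWE-79. Suggest replacing 98 with 79, i.e. `<py:def function="announcement_cwe">661 79</py:def>`, so the generated references point readers at the right weakness class. A smaller point in the same file: announcement_mitigation states an exploitation precondition ("An attacker must be logged in via phpMyAdmin") rather than an action an administrator can take, so it would read more accurately if worded as a mitigating factor.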


hooks/post-receive
-- 
phpMyAdmin website



