[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 23f165c6d8ed9fa195a47ce8a639a6c45007705e

Marc Delisle lem9 at users.sourceforge.net
Thu Dec 1 18:40:19 CET 2011


The branch, master has been updated
       via  23f165c6d8ed9fa195a47ce8a639a6c45007705e (commit)
      from  eac2f79af41b95b906bf308bbe61f1065cf4b6bc (commit)


- Log -----------------------------------------------------------------
commit 23f165c6d8ed9fa195a47ce8a639a6c45007705e
Author: Marc Delisle <marc at infomarc.info>
Date:   Thu Dec 1 12:39:52 2011 -0500

    PMASA-2011-18

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-18 |   57 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 57 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-18

diff --git a/templates/security/PMASA-2011-18 b/templates/security/PMASA-2011-18
new file mode 100644
index 0000000..2965f59
--- /dev/null
+++ b/templates/security/PMASA-2011-18
@@ -0,0 +1,57 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-18
+</py:def>
+
+<py:def function="announcement_date">
+2011-12-01
+</py:def>
+
+<py:def function="announcement_summary">
+Multiple XSS.
+</py:def>
+
+<py:def function="announcement_description">
+Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels.
+Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog.
+Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs.
+</py:def>
+
+<py:def function="announcement_mitigation">
+These attacks are unlikely to succeed on a victim.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider these vulnerabilities to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.4.x are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.8 or newer or apply the related patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to <a href="http://www.majorsecurity.net">David Vieira-Kurz</a> for reporting the Database Synchronize and rename issues.
+Thanks to Maxim Rupp for reporting the invalid SQL query issue.
+Thanks to <a href="http://www.defcontn.com">R.Harikrishnan</a> for reporting the database rename and view creation issues.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2011-4634</py:def>
+
+<py:def function="announcement_cwe">661 79</py:def>
+
+<py:def function="announcement_commits">
+1490533d91e9d3820e78ca4eac7981886eaea2cb
+b289fe082441dc739939b0ba15dae0d9dc6cee92
+dac8d6ce256333ff45b5f46270304b8657452740
+077c10020e349e8c1beb46309098992fde616913
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
+
+
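Review bot: in the announcement_affected block, "Versions 3.4.x are affected" does not agree with announcement_solution, which names 3.4.8 as the fixed release; state the range as 3.4.x before 3.4.8 so that readers already on 3.4.8 are not told they are affected. The announcement_mitigation text ("These attacks are unlikely to succeed on a victim.") gives no reason; say what the attacker must already control, since the description requires crafted database names, an invalid and crafted SQL query, or a crafted column type. The description also lists the table search and create index dialogs, but announcement_references credits no reporter for that issue, and the four hashes in announcement_commits are not mapped to the three issue groups. The file ends with two added blank lines after the closing html tag; these can be dropped.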


hooks/post-receive
-- 
phpMyAdmin website



