[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 5b7fa0538813d55eb5ff980a6461e1ef23f0c52d

Marc Delisle lem9 at users.sourceforge.net
Wed Dec 21 21:38:28 CET 2011


The branch, master has been updated
       via  5b7fa0538813d55eb5ff980a6461e1ef23f0c52d (commit)
       via  016be749df737089e59e3c8152d491d50e34c559 (commit)
       via  0d8171b33aefc983404036b39dbea74919325ddd (commit)
      from  0f8b2603b5a9b1d6765804deee11d056e549404b (commit)


- Log -----------------------------------------------------------------
commit 5b7fa0538813d55eb5ff980a6461e1ef23f0c52d
Author: Marc Delisle <marc at infomarc.info>
Date:   Wed Dec 21 15:38:00 2011 -0500

    Announcement date

commit 016be749df737089e59e3c8152d491d50e34c559
Author: Marc Delisle <marc at infomarc.info>
Date:   Mon Dec 19 12:42:44 2011 -0500

    PMASA-2011-19

commit 0d8171b33aefc983404036b39dbea74919325ddd
Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
Date:   Mon Dec 19 16:59:42 2011 +0100

    PMASA-2011-20

-----------------------------------------------------------------------

Summary of changes:
 .../security/{PMASA-2011-16 => PMASA-2011-19}      |   13 ++---
 templates/security/PMASA-2011-20                   |   50 ++++++++++++++++++++
 2 files changed, 56 insertions(+), 7 deletions(-)
 copy templates/security/{PMASA-2011-16 => PMASA-2011-19} (76%)
 create mode 100644 templates/security/PMASA-2011-20

diff --git a/templates/security/PMASA-2011-16 b/templates/security/PMASA-2011-19
similarity index 76%
copy from templates/security/PMASA-2011-16
copy to templates/security/PMASA-2011-19
index ae8b644..c474d90 100644
--- a/templates/security/PMASA-2011-16
+++ b/templates/security/PMASA-2011-19
@@ -1,11 +1,11 @@
 <html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
 
 <py:def function="announcement_id">
-PMASA-2011-16
+PMASA-2011-19
 </py:def>
 
 <py:def function="announcement_date">
-2011-10-17
+2011-12-21
 </py:def>
 
 <py:def function="announcement_summary">
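Review bot: The announcement_summary block opened on the last context line, and everything else up to old line 32, is not touched by any hunk, so PMASA-2011-19 inherits that text verbatim from PMASA-2011-16 (the file is a 76% copy). Please confirm the carried-over wording describes CVE-2011-4782 accurately, or add a sentence that distinguishes this issue from the earlier one, so the two advisories do not read identically.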
@@ -33,20 +33,19 @@ Versions 3.4.x are affected.
 </py:def>
 
 <py:def function="announcement_solution">
-Upgrade to phpMyAdmin 3.4.6 or newer or apply the related patch listed below.
+Upgrade to phpMyAdmin 3.4.9 or newer or apply the related patch listed below.
 </py:def>
 
 <py:def function="announcement_references">
-Thanks to Jakub GaƂczyk (<a href="http://hauntit.blogspot.com">http://hauntit.blogspot.com</a>) for reporting this issue.
+Thanks to Jason Leyrer of Trustwave SpiderLabs for finding this issue and to Robert Foggia (same company) for contacting us.
 </py:def>
 
-<py:def function="announcement_cve">CVE-2011-4064</py:def>
+<py:def function="announcement_cve">CVE-2011-4782</py:def>
 
 <py:def function="announcement_cwe">661 79</py:def>
 
 <py:def function="announcement_commits">
-ca597dc423f3eebcca95ff33b088a03e39109115
-1af420e22367ae72ff4091adb1620e59ddad5ba6
+0e707906e69ce90c4852a0fce2a0fac7db86a3cd
 </py:def>
 
 <xi:include href="_page.tpl" />
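Review bot: In announcement_solution the fixed release moves to 3.4.9, but the affected-versions text visible in the hunk header ("Versions 3.4.x are affected.") is left unchanged, so the advisory names a 3.4.x release as the fix while still declaring all of 3.4.x affected. If it holds for this issue, suggest bounding the range in that block, for example "Versions 3.4.x before 3.4.9 are affected." In announcement_references, "(same company)" would read better with the company named once for both people. The CWE line is also carried over unchanged and is worth a quick check against the new issue.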
diff --git a/templates/security/PMASA-2011-20 b/templates/security/PMASA-2011-20
new file mode 100644
index 0000000..2f51623
--- /dev/null
+++ b/templates/security/PMASA-2011-20
@@ -0,0 +1,50 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-20
+</py:def>
+
+<py:def function="announcement_date">
+2011-12-21
+</py:def>
+
+<py:def function="announcement_summary">
+XSS in export.
+</py:def>
+
+<py:def function="announcement_description">
+Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections.
+</py:def>
+
+<py:def function="announcement_mitigation">
+These attacks are unlikely to succeed on a victim. Moreover, all these attacks require that the user be already logged in and that a valid token be part of the request.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider these vulnerabilities to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.4.x are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.9 or newer or apply the related patches listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to <a href="https://twitter.com/totally_unknown">Nils Juenemann</a> for reporting a vulnerable url parameter.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2011-4780</py:def>
+
+<py:def function="announcement_cwe">661 79</py:def>
+
+<py:def function="announcement_commits">
+bd3735ba584e7a49aee78813845245354b061f61
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
+
+
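Review bot: announcement_solution says "apply the related patches listed below" and the description speaks of "crafted url parameters", but announcement_commits lists a single hash and the acknowledgement mentions "a vulnerable url parameter". Either add the remaining fix commits or change the wording to "patch" so the advisory matches what is actually listed. Smaller points: "non critical" should be "non-critical"; the mitigation opens with "unlikely to succeed on a victim" without giving a reason, so consider leading with the concrete preconditions (logged-in user, valid token) instead; and the file ends with two blank lines after the closing html tag.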


hooks/post-receive
-- 
phpMyAdmin website



