[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. cbcceee4553b04209c53e6f0470f7c653fa4496e

Marc Delisle lem9 at users.sourceforge.net
Tue Feb 8 16:13:09 CET 2011


The branch, master has been updated
       via  cbcceee4553b04209c53e6f0470f7c653fa4496e (commit)
       via  d02c2862658b606340faa7c663d7aa6260a9e959 (commit)
      from  c9b42a3a8dd42964d47c075822ca0d4023aace30 (commit)


- Log -----------------------------------------------------------------
commit cbcceee4553b04209c53e6f0470f7c653fa4496e
Merge: d02c2862658b606340faa7c663d7aa6260a9e959 c9b42a3a8dd42964d47c075822ca0d4023aace30
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Feb 8 10:12:51 2011 -0500

    Merge branch 'master' of ssh://phpmyadmin.git.sourceforge.net/gitroot/phpmyadmin/website

commit d02c2862658b606340faa7c663d7aa6260a9e959
Author: Marc Delisle <marc at infomarc.info>
Date:   Tue Feb 8 10:12:16 2011 -0500

    New SA

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-1 |   53 +++++++++++++++++++++++++++++++++++++++
 1 files changed, 53 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-1

diff --git a/templates/security/PMASA-2011-1 b/templates/security/PMASA-2011-1
new file mode 100644
index 0000000..015ec6b
--- /dev/null
+++ b/templates/security/PMASA-2011-1
@@ -0,0 +1,53 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-1
+</py:def>
+
+<py:def function="announcement_date">
+2011-02-08
+</py:def>
+
+<py:def function="announcement_summary">
+Path disclosure when some files have been removed
+</py:def>
+
+<py:def function="announcement_description">
+When the files README, ChangeLog or LICENSE have been removed from their
+original place (possibly by the distributor), the scripts used to display
+these files can show their full path, leading to possible further attacks.
+</py:def>
+
+<py:def function="announcement_mitigation">
+For the error messages to be displayed, php.ini's error_reporting must be set 
+to E_ALL and display_errors must be On (these settings are not recommended 
+on a production server in the PHP manual).
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be non critical.
+</py:def>
+
+<py:def function="announcement_affected">
+The 2.11.x and 3.3.x versions are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.9.1 or newer (2.11.11.2 or newer for the older
+family) or apply the related patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to MustLive from <a href="http://websecurity.com.ua">Websecurity</a>
+ for reporting this issue.
+</py:def>
+
+<py:def function="announcement_cve">CVE-xxxx-xxxx</py:def>
+
+<py:def function="announcement_cwe">661 200</py:def>
+
+<py:def function="announcement_commits">
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
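Review bot: announcement_commits is left empty at the end of the template while announcement_solution tells readers to "apply the related patch listed below", so the advisory as committed points to a patch that is not listed; add the fixing commit ids to that block. announcement_cve still holds the placeholder CVE-xxxx-xxxx and should carry the assigned id once there is one. The announcement_mitigation text states the preconditions for the path to be shown (error_reporting set to E_ALL and display_errors On) rather than an action; phrasing it as an instruction, for example to turn display_errors Off on production servers, would make the mitigation explicit. The first two lines of that block also end in trailing whitespace.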


hooks/post-receive
-- 
phpMyAdmin website



