[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 93b17ee20ed413d79e41250f1cc55ae9961f3123
Marc Delisle
lem9 at users.sourceforge.net
Sun Jul 3 19:21:32 CEST 2011
The branch, master has been updated
via 93b17ee20ed413d79e41250f1cc55ae9961f3123 (commit)
from b5731f4ca159230c34db6ce111617ca27b1b2867 (commit)
- Log -----------------------------------------------------------------
commit 93b17ee20ed413d79e41250f1cc55ae9961f3123
Author: Marc Delisle <marc at infomarc.info>
Date: Sun Jul 3 09:58:15 2011 -0400
Clarify vulnerable PHP versions; new CWE ids
-----------------------------------------------------------------------
Summary of changes:
templates/security/PMASA-2011-5 | 6 +++++-
templates/security/PMASA-2011-7 | 10 ++++++++--
2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/templates/security/PMASA-2011-5 b/templates/security/PMASA-2011-5
index 0661593..b21c291 100644
--- a/templates/security/PMASA-2011-5
+++ b/templates/security/PMASA-2011-5
@@ -10,6 +10,10 @@ PMASA-2011-5
2011-07-02
</py:def>
+<py:def function="announcement_updated">
+2011-07-03
+</py:def>
+
<py:def function="announcement_summary">
Possible session manipulation in Swekey authentication.
</py:def>
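Review bot: the added announcement_updated block in PMASA-2011-5 carries only the date 2011-07-03, so a reader of the advisory cannot tell what was revised a day after publication. In this file the only other change is the CWE list, so consider recording that in the advisory text (for example a one-line revision note), or confirm that the template shows the updated date in a way that makes the scope of the revision clear.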
@@ -43,7 +47,7 @@ This issue was found by Frans Pehrson from <a href="http://www.xxor.se">Xxor AB<
<!--! CVE ID of the report, this is automatically added to references -->
<py:def function="announcement_cve">CVE-2011-2505</py:def>
-<py:def function="announcement_cwe">661</py:def>
+<py:def function="announcement_cwe">473 661</py:def>
<py:def function="announcement_commits">
7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
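Review bot: announcement_cwe now holds two ids separated by a space (473 661) where it previously held a single value, so whatever renders this field must split on whitespace before building the CWE references. Please confirm that the rendering code handles a list here; if it treats the value as one id, the reference for this advisory will be wrong. The comment above announcement_cve documents how that field is used, and a similar comment stating the expected format for announcement_cwe would help.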
diff --git a/templates/security/PMASA-2011-7 b/templates/security/PMASA-2011-7
index 6a1aeb6..294d7d7 100644
--- a/templates/security/PMASA-2011-7
+++ b/templates/security/PMASA-2011-7
@@ -10,12 +10,16 @@ PMASA-2011-7
2011-07-02
</py:def>
+<py:def function="announcement_updated">
+2011-07-03
+</py:def>
+
<py:def function="announcement_summary">
Regular expression quoting issue in Synchronize code.
</py:def>
<py:def function="announcement_description">
-Through a possible bug in PHP running on Windows systems a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code.
+Through a possible bug in PHP, a null byte can truncate the pattern string allowing an attacker to inject the /e modifier causing the preg_replace function to execute its second argument as PHP code.
</py:def>
<py:def function="announcement_severity">
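Review bot: the revised description still says "Through a possible bug in PHP", while the mitigation text changed later in this same commit states that the listed PHP versions on all OS are vulnerable. The two sections should agree: either drop "possible" here, or keep the hedge in both places. A comma after "pattern string" would also make the sentence easier to parse.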
@@ -23,7 +27,9 @@ We consider this vulnerability to be serious.
</py:def>
<py:def function="announcement_mitigation">
-Only PHP running on Windows has been found to be vulnerable, Linux and OpenBSD are not affected.
+All PHP versions that were current at the time of the advisory (5.3.6,
+5.2.17) on all OS are vulnerable, unless the Suhosin patch has been
+installed.
</py:def>
<py:def function="announcement_affected">
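Review bot: the new text under announcement_mitigation describes which PHP versions are vulnerable rather than what an administrator should do, and "versions that were current at the time of the advisory (5.3.6, 5.2.17)" leaves open whether earlier releases are affected too. Consider moving the version statement to the affected section and wording the mitigation as an action, with the Suhosin patch named as what removes the exposure; "on all OS" would read better as "on all operating systems".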
hooks/post-receive
--
phpMyAdmin website