[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. e3596488cc4eed5e8a8d89a66b115bc74fe8d79b

Marc Delisle lem9 at users.sourceforge.net
Fri Jul 8 23:19:42 CEST 2011 

The branch, master has been updated
       via  e3596488cc4eed5e8a8d89a66b115bc74fe8d79b (commit)
      from  ebcfdbdef73254b04ee4f557cba36df87b43b026 (commit)


- Log -----------------------------------------------------------------
commit e3596488cc4eed5e8a8d89a66b115bc74fe8d79b
Author: Marc Delisle <marc at infomarc.info>
Date:   Fri Jul 8 17:18:39 2011 -0400

    Revert "New advisories"
    
    This reverts commit d79dc1d237de4c3246745c269376db7b99a9d1cb.
    
    These should not have been published yet.

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-10 |   52 ------------------------------------
 templates/security/PMASA-2011-9  |   54 --------------------------------------
 2 files changed, 0 insertions(+), 106 deletions(-)
 delete mode 100644 templates/security/PMASA-2011-10
 delete mode 100644 templates/security/PMASA-2011-9

diff --git a/templates/security/PMASA-2011-10 b/templates/security/PMASA-2011-10
deleted file mode 100644
index 77c3148..0000000
--- a/templates/security/PMASA-2011-10
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--! Template for security announcement -->
-<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
-
-
-<py:def function="announcement_id">
-PMASA-2011-10
-</py:def>
-
-<py:def function="announcement_date">
-2011-07-XX
-</py:def>
-
-<py:def function="announcement_summary">
-Local file inclusion.
-</py:def>
-
-<py:def function="announcement_description">
-Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion.
-</py:def>
-
-<py:def function="announcement_severity">
-We consider this vulnerability to be serious.
-</py:def>
-
-<py:def function="announcement_mitigation">
-The phpMyAdmin's configuration storage mechanism must be configured for this attack to work.
-</py:def>
-
-<py:def function="announcement_affected">
-Versions 3.4.0 to 3.4.3.1 are affected.
-</py:def>
-
-<py:def function="announcement_solution">
-Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below.
-</py:def>
-
-<!--! Links to reporter etc, do not forget to escape & to & -->
-<py:def function="announcement_references">
-This issue was found by Norman Hippert from <a href="http://www.the-wildcat.de/">The-Wildcat.de</a>
-</py:def>
-
-<!--! CVE ID of the report, this is automatically added to references -->
-<py:def function="announcement_cve">CVE-2011-XXXX</py:def>
-
-<py:def function="announcement_cwe">661 98</py:def>
-
-<py:def function="announcement_commits">
-f63e1bb42a37401b2fdfcd2e66cce92b7ea2025c
-</py:def>
-
-<xi:include href="_page.tpl" />
-</html>
diff --git a/templates/security/PMASA-2011-9 b/templates/security/PMASA-2011-9
deleted file mode 100644
index e34d305..0000000
--- a/templates/security/PMASA-2011-9
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--! Template for security announcement -->
-<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
-
-
-<py:def function="announcement_id">
-PMASA-2011-9
-</py:def>
-
-<py:def function="announcement_date">
-2011-07-XX
-</py:def>
-
-<py:def function="announcement_summary">
-XSS in table Print view.
-</py:def>
-
-<py:def function="announcement_description">
-The attacker must trick the victim into clicking a link that reaches phpMyAdmin's table print view script; one of the link's parameters is a crafted table name (the name containing Javascript code).
-</py:def>
-
-<py:def function="announcement_severity">
-We consider this vulnerability to be minor.
-</py:def>
-
-<py:def function="announcement_mitigation">
-The crafted table name must exist (the attacker must have access to create a table on the victim's server).
-</py:def>
-
-<py:def function="announcement_affected">
-The 3.4.3.1 and earlier versions are affected.
-</py:def>
-
-<py:def function="announcement_solution">
-Upgrade to phpMyAdmin 3.4.3.2 or apply the related patch listed below.
-</py:def>
-
-<!--! Links to reporter etc, do not forget to escape & to & -->
-<py:def function="announcement_references">
-This issue was found by Norman Hippert from <a href="http://www.the-wildcat.de/">The-Wildcat.de</a>
-</py:def>
-
-<!--! CVE ID of the report, this is automatically added to references -->
-<py:def function="announcement_cve">CVE-2011-XXXX</py:def>
-
-<py:def function="announcement_cwe">661 79</py:def>
-
-<py:def function="announcement_commits">
-a0823be05aa5835f207c0838b9cca67d2d9a050a
-4bd27166c314faa37cada91533b86377f4d4d214
-
-</py:def>
-
-<xi:include href="_page.tpl" />
-</html>


hooks/post-receive
-- 
phpMyAdmin website

More information about the Git mailing list