[Phpmyadmin-git] [SCM] phpMyAdmin website branch, master, updated. 1a56dd2e02918cef7485f37af0d0a190664f3374

Marc Delisle lem9 at users.sourceforge.net
Thu Nov 10 15:36:18 CET 2011


The branch, master has been updated
       via  1a56dd2e02918cef7485f37af0d0a190664f3374 (commit)
      from  fd6c4ccdbbf9d272dd8e5093f1c9c8981987cf70 (commit)


- Log -----------------------------------------------------------------
commit 1a56dd2e02918cef7485f37af0d0a190664f3374
Author: Marc Delisle <marc at infomarc.info>
Date:   Thu Nov 10 09:36:06 2011 -0500

    PMASA-2011-17

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-17 |   60 ++++++++++++++++++++++++++++++++++++++
 1 files changed, 60 insertions(+), 0 deletions(-)
 create mode 100644 templates/security/PMASA-2011-17

diff --git a/templates/security/PMASA-2011-17 b/templates/security/PMASA-2011-17
new file mode 100644
index 0000000..9fc013c
--- /dev/null
+++ b/templates/security/PMASA-2011-17
@@ -0,0 +1,60 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2011-17
+</py:def>
+
+<py:def function="announcement_date">
+2011-11-10
+</py:def>
+
+<py:def function="announcement_summary">
+Local file inclusion.
+</py:def>
+
+<py:def function="announcement_description">
+Importing a specially-crafted XML file which contains an XML entity injection
+permits to retrieve a local file (limited by the privileges of the user
+running the web server). 
+</py:def>
+
+<py:def function="announcement_mitigation">
+The attacker must be logged in to MySQL via phpMyAdmin.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be serious.
+</py:def>
+
+<py:def function="announcement_affected">
+Versions 3.3.x and 3.4.x are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.4.7.1 or newer (or 3.3.10.5) or apply the related patches listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to Jan Lieskovsky from the Red Hat Security Response Team who warned 
+the phpMyAdmin project that public disclosure of this problem has occurred.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2011-4107</py:def>
+
+<py:def function="announcement_cwe">661</py:def>
+
+<py:def function="announcement_commits_3_4">
+05f96b921a7e7dacd02be5ca61b2e7bdd014ee55
+34d99de000de9d15cfdf5e9cc8b7682d51110bbd
+a5e206fbd2ca814042cfc1bb7dd3b40c28ce3fb5
+</py:def>
+
+<py:def function="announcement_commits_3_3">
+75606e5f82280eb1a3817badf1b24d512a010b80
+1a89c8ecfd09ceace81fb11e488f12599c0e49b6
+2fbf631384fd8cded55f4500cb87b129442f9ed2
+5fa86b8e81565c15ddbc359e8f59ecd829a2b717
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
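
Review bot: In announcement_summary, "Local file inclusion." does not match announcement_description, which describes retrieving a local file through an XML entity injection in an imported XML file. Suggest wording the summary as local file disclosure via XML entity injection, so readers do not take it for a PHP include-style issue. Related points in the same file: announcement_cwe lists only 661, the general CWE view for weaknesses in PHP software, so adding 611 (Improper Restriction of XML External Entity Reference) would classify the flaw the description names. announcement_mitigation states an attack precondition ("The attacker must be logged in to MySQL via phpMyAdmin.") rather than a step an administrator can take, and the description's "permits to retrieve" would read better as "allows an attacker to retrieve".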


hooks/post-receive
-- 
phpMyAdmin website



