Control: tags -1 + moreinfo

On 2019-11-06 11:23, Felipe Sateler wrote:
This update fixes several security issues, plus an important bug.
Additionally we fix the metadata reflecting the maintainership change.

Here is the changelog, with debdiff attached.

phpmyadmin (4:4.6.6-4+deb9u1) stretch; urgency=medium

  [ Matthias Blümel ]
  * Several security fixes
    - Cross-site scripting (XSS) vulnerability in db_central_columns.php
      (PMASA-2018-1, CVE-2018-7260, Closes: #893539)
    - Remove transformation plugin includes
      (PMASA-2018-6, CVE-2018-19968)
    - Fix Stored Cross-Site Scripting (XSS) in navigation tree
      (PMASA-2018-8, CVE-2018-19970)
    - Fix information leak (arbitrary file read) using SQL queries
      (PMASA-2019-1, CVE-2019-6799, Closes: #920823)
    - a specially crafted username can be used to trigger a SQL injection attack
      (PMASA-2019-2, CVE-2019-6798, Closes: #920822)
    - SQL injection in Designer feature
      (PMASA-2019-3, CVE-2019-11768, Closes: #930048)
    - CSRF vulnerability in login form
      (PMASA-2019-4, CVE-2019-12616, Closes: #930017)

According to the BTS and Security Tracker, at least some of these issues affect the package in unstable and aren't currently fixed there. Is that correct?

Regards,

Adam
