Package: phpmyadmin
Severity: grave
Tags: security
Justification: user security hole
Hi

The following CVE[0] has been issued against phpmyadmin. You can find a patch below.

CVE-2007-5386: Cross-site scripting (XSS) vulnerability in scripts/setup.php in phpMyAdmin 2.11.1, when accessed by a browser that does not URL-encode requests, allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: some of these details are obtained from third party information.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5386

diff -u phpmyadmin-2.11.1/debian/changelog phpmyadmin-2.11.1/debian/changelog --- phpmyadmin-2.11.1/debian/changelog +++ phpmyadmin-2.11.1/debian/changelog @@ -1,3 +1,11 @@ +phpmyadmin (4:2.11.1-1.1) unstable; urgency=high + + * Non-maintainer upload by the testing-security team + * Include upstream patch for XSS vulnerability in scripts/setup.php + Fixes: CVE-2007-5386 + + -- Steffen Joeris <[EMAIL PROTECTED]> Sat, 13 Oct 2007 05:12:44 +0000 + phpmyadmin (4:2.11.1-1) unstable; urgency=low * New upstream release. diff -u phpmyadmin-2.11.1/debian/patches/00list phpmyadmin-2.11.1/debian/patches/00list --- phpmyadmin-2.11.1/debian/patches/00list +++ phpmyadmin-2.11.1/debian/patches/00list @@ -3,0 +4 @@ +041-CVE-2007-5386 only in patch2: unchanged: --- phpmyadmin-2.11.1.orig/debian/patches/041-CVE-2007-5386.dpatch +++ phpmyadmin-2.11.1/debian/patches/041-CVE-2007-5386.dpatch 
@@ -0,0 +1,21 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Fix CVE-2007-5386 + [EMAIL PROTECTED]@ + +--- ../old/phpmyadmin-2.11.1/scripts/setup.php 2007-09-20 16:35:14.000000000 +0000 ++++ phpmyadmin-2.11.1/scripts/setup.php 2007-10-13 05:10:49.000000000 +0000 +@@ -1951,7 +1951,10 @@ + if (empty($_SERVER['REQUEST_URI']) || empty($_SERVER['HTTP_HOST'])) { + $redir = ''; + } else { +- $redir = ' If your server is also configured to accept HTTPS request follow <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">this link</a> to use secure connection.'; ++ $redir = ' If your server is also configured to accept HTTPS request' ++ . ' follow <a href="https://' ++ . htmlspecialchars($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']) ++ . '">this link</a> to use secure connection.'; + } + message('warning', 'You are not using secure connection, all data (including sensitive, like passwords) are transfered unencrypted!' . $redir, 'Not secure connection'); + }
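Review bot: the debian/changelog entry describes the fix as an upstream patch, but neither the changelog nor the `## DP:` line of 041-CVE-2007-5386.dpatch says where upstream published it; adding the upstream reference (commit or release) to the `## DP:` description would let the next maintainer verify the backport against the 2.11.2 source and drop the dpatch when the upstream release is packaged.

Review bot: the `@DPATCH@` separator in the dpatch header appears here as `[EMAIL PROTECTED]@`, which is the list archive's address obfuscation rather than file content; confirm the file in the upload carries the literal `@DPATCH@` line, since dpatch-run uses it to find where the embedded diff begins. The change to scripts/setup.php is the right fix for the reported issue: `htmlspecialchars()` converts `"` to `&quot;` (and `<`, `>`, `&` to their entities), so a request path that the browser sends un-encoded can no longer close the double-quoted `href` attribute and inject markup into the "Not secure connection" warning; because the value only ever lands inside a double-quoted attribute, the default behaviour of leaving single quotes alone is sufficient here. Unrelated to the CVE but visible in the unchanged context, "transfered" in the warning string is a typo worth raising upstream rather than in this NMU.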