Please stop sending to fd. Already everyone here could tell the same no other linux distro is using fd for this, iirc.
Best 2013/4/16, [email protected] <[email protected]>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > _______________________________________________________________________ > > Mandriva Linux Security Advisory MDVSA-2013:144 > http://www.mandriva.com/en/support/security/ > _______________________________________________________________________ > > Package : phpmyadmin > Date : April 16, 2013 > Affected: Business Server 1.0 > _______________________________________________________________________ > > Problem Description: > > Multiple cross-site scripting (XSS) vulnerabilities in > tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow > remote attackers to inject arbitrary web script or HTML via the (1) > visualizationSettings[width] or (2) visualizationSettings[height] > parameter (CVE-2013-1937). > > This upgrade provides the latest phpmyadmin version (3.5.8) to address > this vulnerability. > _______________________________________________________________________ > > References: > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1937 > _______________________________________________________________________ > > Updated Packages: > > Mandriva Business Server 1/X86_64: > 929b248f9b33fbf73022a491e48b88f4 > mbs1/x86_64/phpmyadmin-3.5.8-0.1.mbs1.noarch.rpm > 9cc9136cc4280dd3d3904708be166076 > mbs1/SRPMS/phpmyadmin-3.5.8-0.1.mbs1.src.rpm > _______________________________________________________________________ > > To upgrade automatically use MandrivaUpdate or urpmi. The verification > of md5 checksums and GPG signatures is performed automatically for you. > > All packages are signed by Mandriva for security. You can obtain the > GPG public key of the Mandriva Security Team by executing: > > gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 > > You can view other update advisories for Mandriva Linux at: > > http://www.mandriva.com/en/support/security/advisories/ > > If you want to report vulnerabilities, please contact > > security_(at)_mandriva.com > _______________________________________________________________________ > > Type Bits/KeyID Date User ID > pub 1024D/22458A98 2000-07-10 Mandriva Security Team > <security*mandriva.com> > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iD8DBQFRbValmqjQ0CJFipgRAgRgAJ94hPso/CAax5T5r1qt6jZsbhsDUACg58On > nyHMhbLL0/Ai6NaXBkFQvyw= > =6tQS > -----END PGP SIGNATURE----- > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- Inviato dal mio dispositivo mobile _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
