-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 28 Oct 2005 15:32:47 -0400
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.6.2-3sarge1
Distribution: stable-security
Urgency: high
Maintainer: Piotr Roszatycki <dexter@debian.org>
Changed-By: Noah Meyerhans <noahm@debian.org>
Description:
 phpmyadmin - set of PHP-scripts to administrate MySQL over the WWW
Closes: 328501 335306 335513
Changes:
 phpmyadmin (4:2.6.2-3sarge1) stable-security; urgency=high
 .
   * NMU by security team to fix several vulnerabilities. Patch provided by
     Piotr Roszatycki <dexter@debian.org>
   * Security fix: Several Cross-Site Scripting vulnerabilities.
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2869
     Closes: #328501.
   * Security fix: (1) Local file inclusion vulnerability and
     (2) Cross-Site Scripting vulnerability.
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300
     See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
     Closes: #335306, #335513.
 .
   * Modified 001-config.patch:
     - Append the Debian package revision to the upstream version. Marks that
       this phpMyAdmin package has additional Debian modifications so the
       bugreports won't confuse phpMyAdmin's coders.
   * New 100-bug1223319.patch:
     - Use eval for config file including to catch parse errors.
       The patch is required by further patch which fixes XSS.
   * New 101-patch1258978.patch:
     - Move common code for error pages out of common.lib.php.
       The patch is required by further patch which fixes XSS.
   * New 102-bug1240880.patch:
     - XSS on the cookie-based login panel.
   * New 102-bug1249239.patch:
     - XSS vulnerability on Create page.
   * New 102-bug1252124.patch:
     - XSS on table creation page.
   * New 102-bug1265740.patch:
     - Protect against possible XSS, move input sanitizing to special file.
   * New 102-bug1283552.patch:
     - XSS on username.
   * New 102-bug_XSS_on_header.inc.php.patch:
     - XSS on header.inc.php.
   * New 103-bug_CVE-2005-3300.patch:
     - Cross-Site Scripting vulnerability.
   * New 103-bug_CVE-2005-3301.patch:
     - Local file inclusion vulnerability.
Files:
 bae6eb2d34ffb43fe84be9086aa140cd 604 web extra phpmyadmin_2.6.2-3sarge1.dsc
 05e33121984824c43d94450af3edf267 2654418 web extra phpmyadmin_2.6.2.orig.tar.gz
 bcf942cced4b77c6ea237032134b7285 35138 web extra phpmyadmin_2.6.2-3sarge1.diff.gz
 7dddcca1746dfd9c2493fcbb82d7b882 2768208 web extra phpmyadmin_2.6.2-3sarge1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDYoUOYrVLjBFATsMRAgdOAJ4/yxwJDhIe9brrVluOkYfAsEO4EwCfSacG
Jq4yjMtm6NwhVtd++X1M0HQ=
=QQZS
-----END PGP SIGNATURE-----

Accepted:
phpmyadmin_2.6.2-3sarge1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.diff.gz
phpmyadmin_2.6.2-3sarge1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1.dsc
phpmyadmin_2.6.2-3sarge1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.6.2-3sarge1_all.deb