-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 28 Aug 2007 22:31:30 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-4
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 phpmyadmin - Administrate MySQL over the WWW
Changes:
 phpmyadmin (4:2.9.1.1-4) stable-security; urgency=high
 .
   * Update for etch to address security issues.
   * Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0
     through 2.9.2 allows remote attackers to conduct cross-site scripting
     (XSS) attacks by injecting arbitrary JavaScript or HTML in a (1) db or
     (2) table parameter value followed by an uppercase </SCRIPT> end tag,
     which bypasses the protection against lowercase </script>.
     [CVE-2007-1395]
   * Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
     before 2.10.1.0 allow remote attackers to inject arbitrary web script
     or HTML via (1) the fieldkey parameter to browse_foreigners.php or
     (2) certain input to the PMA_sanitize function.
     [CVE-2007-2245]
   * Add fix/workaround for deep array recursion, which may cause PHP to
     crash the webserver.
     [CVE-2007-1325]
Files:
 26baccf88fa7d3b00f4802e46d8d0053 1011 web extra phpmyadmin_2.9.1.1-4.dsc
 f598509b308bf96aee836eb2338f523c 3500563 web extra phpmyadmin_2.9.1.1.orig.tar.gz
 0f377a70b327c65f53ff6895856d18d6 46886 web extra phpmyadmin_2.9.1.1-4.diff.gz
 05f19efce1cb5b31a8f1161a01dbe158 3605594 web extra phpmyadmin_2.9.1.1-4_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----

Accepted:
phpmyadmin_2.9.1.1-4.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.diff.gz
phpmyadmin_2.9.1.1-4.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4.dsc
phpmyadmin_2.9.1.1-4_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-4_all.deb