Format: 1.7
Date: Sun, 30 Nov 2008 12:52:40 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.1.1-9
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description:
 phpmyadmin - Administrate MySQL over the WWW
Closes: 503270
Changes:
 phpmyadmin (4:2.9.1.1-9) stable-security; urgency=high
 .
   * The PMA_escapeJsString function in libraries/js_escape.lib.php in
     phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows
     remote attackers to bypass cross-site scripting (XSS) protection
     mechanisms and conduct XSS attacks via a NUL byte inside a
     "</script" sequence. [CVE-2008-4326]
   * Add missing variable 'lang' to $allow_list, which unbreaks the
     language selection on the login screen (regression introduced in -8).
     (Closes: #503270)
Files:
 b751c9769e198e656e7b982ec8bc4fc9 1019 web extra phpmyadmin_2.9.1.1-9.dsc
 fee9d9989bd7e53fbe5f5308078cc68d 54647 web extra phpmyadmin_2.9.1.1-9.diff.gz
 4148b6e9d9ee79457a9696cec5816259 3602510 web extra phpmyadmin_2.9.1.1-9_all.deb

Accepted:
phpmyadmin_2.9.1.1-9.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.diff.gz
phpmyadmin_2.9.1.1-9.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9.dsc
phpmyadmin_2.9.1.1-9_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.1.1-9_all.deb