Comment 7 for bug 392324

Launchpad Janitor (janitor) wrote:

This bug was fixed in the package phpmyadmin - 4:3.1.2-1ubuntu0.2

---------------
phpmyadmin (4:3.1.2-1ubuntu0.2) jaunty-security; urgency=low

  * SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
      characters in db_operations.php and db_structure.php.
    - CVE-2009-3696
  * SECURITY UPDATE: SQL injection via PDF schema generator functionality
    (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
      escape special characters in pdf_pages.php and pmd_pdf.php.
    - CVE-2009-3697
  * SECURITY UPDATE: code injection via configuration files (LP: #392324)
    - Previous patch for CVE-2009-1285 was incomplete
    - debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
      to modify php code before saving in setup/frames/config.inc.php and
      setup/config.php.
    - CVE-2009-1285

 -- Marc Deslauriers <email address hidden> Mon, 26 Oct 2009 08:55:07 -0400