Merge lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151 into lp:ubuntu/dapper/phpmyadmin
Status: | Needs review |
---|---|
Proposed branch: | lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151 |
Merge into: | lp:ubuntu/dapper/phpmyadmin |
Diff against target: |
97 lines (+75/-0) 4 files modified
debian/changelog (+27/-0) debian/patches/050_CVE-2008-1149.patch (+18/-0) debian/patches/051_CVE-2009-1151.dpatch (+28/-0) debian/patches/series (+2/-0) |
To merge this branch: | bzr merge lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Jamie Strandboge | Approve | ||
Review via email: mp+23166@code.launchpad.net |
Unmerged revisions
- 10. By Artur Rona
-
* SECURITY UPDATE: Insufficient output sanitizing when generating
configuration file (LP: #387215).
- debian/patches/ 051_CVE- 2009-1151. dpatch: Do not output unescaped
chars to generated configuration file. Patch from upstream SVN revision
12301.
- References:
+ CVE-2009-1151
+ PMASA-2009-3 - 9. By Emanuele Gentili
-
* SECURITY UPDATE:
+ debian/patches/ 050_CVE- 2008-1149. patch
- Provides unauthorized access, Allows partial confidentiality, integrity, and
availability violation , Allows unauthorized disclosure of information ,
Allows disruption of service. (LP: #198745)* References:
+ http://nvd.nist. gov/nvd. cfm?cvename= CVE-2008- 1149
+ http://www.phpmyadmin. net/home_ page/security. php?issue= PMASA-2008- 1
Looks like LP was out of date cause it added the previous update to your diff. Looks fine. Thanks!