Debian Bug report logs - #382228
PHPMyAdmin: Set_Theme Cross-Site Scripting Vulnerability
Reported by: Stephen Gran <sgran@debian.org>
Date: Wed, 9 Aug 2006 17:18:30 UTC
Severity: critical
Tags: security
Fixed in version 4:2.8.0.2-1
Done: Thijs Kinkhorst <thijs@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>: Bug#382228; Package phpmyadmin.
Acknowledgement sent to Stephen Gran <sgran@debian.org>: New Bug report received and forwarded. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: phpmyadmin
Severity: critical
Tags: security
http://www.securityfocus.com/bid/17142/references
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-686-smp
Locale: LANG=en_US.ISO-8859-1, LC_CTYPE=en_US.ISO-8859-1 (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US.ISO-8859-1)
Versions of packages phpmyadmin depends on:
ii apache-ssl [httpd] 1.3.33-6sarge2 versatile, high-performance HTTP s
ii debconf 1.4.30.13 Debian configuration management sy
ii php4 4:4.3.10-16 server-side, HTML-embedded scripti
ii php4-mysql 4:4.3.10-16 MySQL module for php4
ii wwwconfig-common 0.0.43 Debian web auto configuration
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : sgran@debian.org |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
Information forwarded to debian-bugs-dist@lists.debian.org, Piotr Roszatycki <dexter@debian.org>: Bug#382228; Package phpmyadmin.
Acknowledgement sent to Thijs Kinkhorst <thijs@debian.org>: Extra info received and forwarded to list. Copy sent to Piotr Roszatycki <dexter@debian.org>.
Message #10 received at 382228@bugs.debian.org:
close 382228 4:2.8.0.2-1
thanks
Hello,
Thanks for your report.
> http://www.securityfocus.com/bid/17142/references
This is CVE-2006-1258. Sid contains a version > 2.8.0.2 so can be
considered to be fixed.
Recently I judged sarge not to be vulnerable, and can't reproduce the
issue on sarge with the given exploit. I will recheck to be sure.
Thijs
Bug marked as fixed in version 4:2.8.0.2-1, send any further explanations to Stephen Gran <sgran@debian.org>. Request was from Thijs Kinkhorst <thijs@debian.org> to control@bugs.debian.org.
Message #13 received at 382228-done@bugs.debian.org:
On Wed, 2006-08-09 at 22:40 +0200, Thijs Kinkhorst wrote:
> Recently I judged sarge not to be vulnerable, and can't reproduce the
> issue on sarge with the given exploit. I will recheck to be sure.
Sarge doesn't contain the respective code. Sid is fixed. Closing bug.
Thijs
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org (Mon, 25 Jun 2007 01:07:19 GMT).
Last modified: Wed Jun 19 18:33:49 2019; Machine Name: buxtehude