phpmyadmin: CVE-2014-9218 CVE-2014-9219

Related Vulnerabilities: CVE-2014-9218   CVE-2014-9219  

Debian Bug report logs - #774194

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 30 Dec 2014 02:21:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Fixed in version phpmyadmin/4:4.2.12-2

Done: Michal Čihař <nijel@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Thijs Kinkhorst <thijs@debian.org>:
Bug#774194; Package phpmyadmin. (Tue, 30 Dec 2014 02:21:06 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Thijs Kinkhorst <thijs@debian.org>. (Tue, 30 Dec 2014 02:21:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2014-9218 CVE-2014-9219
Date: Tue, 30 Dec 2014 03:20:01 +0100
Package: phpmyadmin
Severity: grave
Tags: security

Please see:
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php

Cheers,
        Moritz



Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 30 Dec 2014 04:21:07 GMT).


Changed Bug title to 'phpmyadmin: CVE-2014-9218 CVE-2014-9219' from 'CVE-2014-9218 CVE-2014-9219' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Tue, 30 Dec 2014 04:21:08 GMT).


Reply sent to Michal Čihař <nijel@debian.org>:
You have taken responsibility. (Tue, 30 Dec 2014 10:06:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 30 Dec 2014 10:06:05 GMT).


Message #14 received at 774194-close@bugs.debian.org:

From: Michal Čihař <nijel@debian.org>
To: 774194-close@bugs.debian.org
Subject: Bug#774194: fixed in phpmyadmin 4:4.2.12-2
Date: Tue, 30 Dec 2014 10:04:08 +0000
Source: phpmyadmin
Source-Version: 4:4.2.12-2

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 774194@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michal Čihař <nijel@debian.org> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Tue, 30 Dec 2014 10:54:32 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:4.2.12-2
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Closes: 774194
Changes:
 phpmyadmin (4:4.2.12-2) unstable; urgency=high
 .
   * Fix security issues (Closes: #774194).
     - CVE-2014-9219 / PMASA-2014-18 - XSS vulnerability in redirection.
     - CVE-2014-9218 / PMASA-2014-17 - DoS vulnerability with long passwords.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Fri, 30 Jan 2015 07:28:09 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:12:38 2019; Machine Name: beach
