phpmyadmin: CVE-2019-6798: PMASA-2019-2

Related Vulnerabilities: CVE-2019-6798  

Debian Bug report logs - #920822


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 29 Jan 2019 16:51:01 UTC

Severity: grave

Tags: security, upstream

Found in versions phpmyadmin/4:4.6.6-4, phpmyadmin/4:4.6.6-5



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Thijs Kinkhorst <thijs@debian.org>:
Bug#920822; Package src:phpmyadmin. (Tue, 29 Jan 2019 16:51:04 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Thijs Kinkhorst <thijs@debian.org>. (Tue, 29 Jan 2019 16:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: phpmyadmin: CVE-2019-6798: PMASA-2019-2
Date: Tue, 29 Jan 2019 17:46:28 +0100
Source: phpmyadmin
Version: 4:4.6.6-5
Severity: grave
Tags: security upstream
Control: found -1 4:4.6.6-4

Hi,

The following vulnerability was published for phpmyadmin.

CVE-2019-6798[0]:
| An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was
| reported where a specially crafted username can be used to trigger a
| SQL injection attack through the designer feature.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6798
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6798
[1] https://www.phpmyadmin.net/security/PMASA-2019-2/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Marked as found in versions phpmyadmin/4:4.6.6-4. Request was from Salvatore Bonaccorso <carnil@debian.org> to submit@bugs.debian.org. (Tue, 29 Jan 2019 16:51:04 GMT)


Reply sent to Alastair McKinstry <mckinstry@debian.org>:
You have taken responsibility. (Wed, 30 Jan 2019 10:09:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 30 Jan 2019 10:09:11 GMT)


Message #12 received at 920822-close@bugs.debian.org:

From: Alastair McKinstry <mckinstry@debian.org>
To: 920822-close@bugs.debian.org
Subject: Bug#920822: fixed in pmix 3.1.2-2
Date: Wed, 30 Jan 2019 10:05:45 +0000
Source: pmix
Source-Version: 3.1.2-2

We believe that the bug you reported is fixed in the latest version of
pmix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 920822@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alastair McKinstry <mckinstry@debian.org> (supplier of updated pmix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Wed, 30 Jan 2019 09:17:18 +0000
Source: pmix
Binary: libpmi-pmix-dev libpmi1-pmix libpmi1-pmix-dbgsym libpmi2-pmix libpmi2-pmix-dbgsym libpmix-dev libpmix2 libpmix2-dbgsym
Architecture: source amd64
Version: 3.1.2-2
Distribution: unstable
Urgency: medium
Maintainer: Alastair McKinstry <mckinstry@debian.org>
Changed-By: Alastair McKinstry <mckinstry@debian.org>
Description:
 libpmi-pmix-dev - Development files for the PMI library (OpenMPI )
 libpmi1-pmix - OpenMPI implementation of the PMI v1 library
 libpmi2-pmix - OpenMPI implementation of the PMI v2 library
 libpmix-dev - Development files for the PMI Exascale library
 libpmix2   - Process Management Interface (Exascale) library
Closes: 920822
Changes:
 pmix (3.1.2-2) unstable; urgency=medium
 .
   * Bump minor library version libpmix.so.2.2.22. Closes: #920822




Bug reopened Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Jan 2019 10:54:02 GMT)


No longer marked as fixed in versions pmix/3.1.2-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 30 Jan 2019 10:54:03 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:15:56 2019; Machine Name: beach
