CVE-2010-4480 CVE-2010-4481

Debian Bug report logs - #608290
CVE-2010-4480 CVE-2010-4481

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Giuseppe Iuculano <iuculano@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2010-4480 CVE-2010-4481

Date: Wed, 29 Dec 2010 18:48:47 +0100

Package: phpmyadmin
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for phpmyadmin.

CVE-2010-4480[0]:
| error.php in PhpMyAdmin 3.3.8.1, and other versions before
| 3.4.0-beta1, allows remote attackers to conduct cross-site scripting
| (XSS) attacks via a crafted BBcode tag containing "@" characters, as
| demonstrated using "[a@url@page]".

CVE-2010-4481[1]:
| phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass
| authentication and obtain sensitive information via a direct request
| to phpinfo.php, which calls the phpinfo function.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480
    http://security-tracker.debian.org/tracker/CVE-2010-4480
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4481
    http://security-tracker.debian.org/tracker/CVE-2010-4481


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAk0bdHwACgkQNxpp46476aofUACfaJ8qZk9hruUgU4JuL5t+oDW7
nVkAn2VBTXIrA3x0z85C7DUdLnRo/fkj
=pVQM
-----END PGP SIGNATURE-----

Message #10 received at 608290@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: Giuseppe Iuculano <iuculano@debian.org>, 608290@bugs.debian.org

Subject: Re: Bug#608290: CVE-2010-4480 CVE-2010-4481

Date: Thu, 30 Dec 2010 16:36:31 +0100

[Message part 1 (text/plain, inline)]

user release.debian.org@packages.debian.org
usertag 608290 squeeze-can-defer
tag 608290 squeeze-ignore
kthxbye

On Wed, Dec 29, 2010 at 18:48:47 +0100, Giuseppe Iuculano wrote:

> Package: phpmyadmin
> Severity: serious
> Tags: security
> 
> 
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) ids were
> published for phpmyadmin.
> 
Can be fixed through security.d.o if it's not done by release, tagging
accordingly.  A fixed package would still be appreciated, though.

Cheers,
Julien

[signature.asc (application/pgp-signature, inline)]

Message #17 received at 608290-close@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: 608290-close@bugs.debian.org

Subject: Bug#608290: fixed in phpmyadmin 4:3.3.7-3

Date: Thu, 30 Dec 2010 17:02:47 +0000

Source: phpmyadmin
Source-Version: 4:3.3.7-3

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_3.3.7-3.debian.tar.gz
  to main/p/phpmyadmin/phpmyadmin_3.3.7-3.debian.tar.gz
phpmyadmin_3.3.7-3.dsc
  to main/p/phpmyadmin/phpmyadmin_3.3.7-3.dsc
phpmyadmin_3.3.7-3_all.deb
  to main/p/phpmyadmin/phpmyadmin_3.3.7-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608290@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 30 Dec 2010 17:48:08 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.3.7-3
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpmyadmin - MySQL web administration tool
Closes: 608290
Changes: 
 phpmyadmin (4:3.3.7-3) unstable; urgency=high
 .
   * Address two security issues (Closes: #608290):
   - It was possible to display arbitrary text and link to external site
     using parameters passed to particular script
     (CVE-2010-4480, PMASA-2010-9).
   - Phpinfo could be visible to not logged in users if this feature was
     enabled (minor issue; CVE-2010-4481, PMASA-2010-10).
Checksums-Sha1: 
 fb328acd589fde6e1cebccc9082bd23318fcadbe 1517 phpmyadmin_3.3.7-3.dsc
 fd42a4e669db8fedeab8bf47d8e2ab94c6e352c7 47501 phpmyadmin_3.3.7-3.debian.tar.gz
 c343ea2bb9b6b5170ffb9f04576077286481d737 4352748 phpmyadmin_3.3.7-3_all.deb
Checksums-Sha256: 
 e16434a5886ba312b5b137bb69e37a39f9bd1161c0d0337c23649b007468b868 1517 phpmyadmin_3.3.7-3.dsc
 72fcd7eb7dc0cfe12da9e76688b0b34e664aa2ab68f5da8451d3e106d6cac8e8 47501 phpmyadmin_3.3.7-3.debian.tar.gz
 20a966067cc632c3fda423e9232ef297b96664abc6f90cbde704ebe9d80bd136 4352748 phpmyadmin_3.3.7-3_all.deb
Files: 
 a4d8b319f5748ead9f2824e3f1e778d5 1517 web extra phpmyadmin_3.3.7-3.dsc
 af6f312c16a0d449ed28a09247db615b 47501 web extra phpmyadmin_3.3.7-3.debian.tar.gz
 427b91b46b227c53065520835d170396 4352748 web extra phpmyadmin_3.3.7-3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJNHLh8AAoJEOxfUAG2iX5727cIAL1dlCaD7b6M7BbNPiu3qlMq
tO45JmgiLFaifUGFaOTSkxpAN4P2KCbb+5uwIYlhgSBjJ4ztXs3y4NgYcOqePSnW
pb2nI6TBAXeIDFhjR5MbZN1W6qUfAZIpw/xBRjno8DYt/wxr/uMbaME7SIzKhKVb
pB07XfF/iKRWEc3XI9r59A6IbgaMAM8esR5AUo5V2MtucDumEp1o/E9sukk+3i2m
ACWprc9DNZhODH5tnya4+wUhh493+wuQWZQrBCcRN8j7Qz+lMBidgHctJ8OK9Xax
s1LxR4+GwwmQp7me8E4F5q+DI3qPk39W9tnUMeUZZLvTLTVjHLJBnbYkzvrGtIw=
=91s7
-----END PGP SIGNATURE-----

Message #22 received at 608290@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: Julien Cristau <jcristau@debian.org>, 608290@bugs.debian.org

Subject: Re: Bug#608290: CVE-2010-4480 CVE-2010-4481

Date: Thu, 30 Dec 2010 18:15:44 +0100

[Message part 1 (text/plain, inline)]

On Thursday 30 December 2010 16:36:31 Julien Cristau wrote:
> > the following CVE (Common Vulnerabilities & Exposures) ids were
> > published for phpmyadmin.
> >
> > 
> 
> Can be fixed through security.d.o if it's not done by release, tagging
> accordingly.  A fixed package would still be appreciated, though.

In that case, please unblock phpmyadmin/4:3.3.7-3. Thanks.


Thijs

[signature.asc (application/pgp-signature, inline)]

Message #27 received at 608290@bugs.debian.org (full text, mbox, reply):

From: Julien Cristau <jcristau@debian.org>

To: Thijs Kinkhorst <thijs@debian.org>

Cc: 608290@bugs.debian.org

Subject: Re: Bug#608290: CVE-2010-4480 CVE-2010-4481

Date: Fri, 31 Dec 2010 17:35:30 +0100

[Message part 1 (text/plain, inline)]

On Thu, Dec 30, 2010 at 18:15:44 +0100, Thijs Kinkhorst wrote:

> On Thursday 30 December 2010 16:36:31 Julien Cristau wrote:
> > > the following CVE (Common Vulnerabilities & Exposures) ids were
> > > published for phpmyadmin.
> > >
> > > 
> > 
> > Can be fixed through security.d.o if it's not done by release, tagging
> > accordingly.  A fixed package would still be appreciated, though.
> 
> In that case, please unblock phpmyadmin/4:3.3.7-3. Thanks.
> 
Done yesterday, should migrate tomorrow evening.

Thanks,
Julien

[signature.asc (application/pgp-signature, inline)]

Message #32 received at 608290-close@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: 608290-close@bugs.debian.org

Subject: Bug#608290: fixed in phpmyadmin 4:2.11.8.1-5+lenny7

Date: Sun, 02 Jan 2011 13:57:51 +0000

Source: phpmyadmin
Source-Version: 4:2.11.8.1-5+lenny7

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.11.8.1-5+lenny7.diff.gz
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7.diff.gz
phpmyadmin_2.11.8.1-5+lenny7.dsc
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7.dsc
phpmyadmin_2.11.8.1-5+lenny7_all.deb
  to main/p/phpmyadmin/phpmyadmin_2.11.8.1-5+lenny7_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 608290@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <thijs@debian.org> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 31 Dec 2010 14:07:44 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.11.8.1-5+lenny7
Distribution: stable-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Thijs Kinkhorst <thijs@debian.org>
Description: 
 phpmyadmin - MySQL web administration tool
Closes: 608290
Changes: 
 phpmyadmin (4:2.11.8.1-5+lenny7) stable-security; urgency=high
 .
   * Upload to stable to fix security issues (Closes: #608290).
   * Fix XSS on search (PMASA-2010-8, CVE-2010-4329).
   * Fix text/link injection on error (PMASA-2010-9, CVE-2010-4480).
   * Phpinfo when enabled was worldaccessible (PMASA-2010-10, CVE-2010-4481).
Checksums-Sha1: 
 6725fe50c23e5e67c10a3f652318004ad9f38372 1548 phpmyadmin_2.11.8.1-5+lenny7.dsc
 1c9756eccf4100c0a88f1b3f640324f1494cc379 76647 phpmyadmin_2.11.8.1-5+lenny7.diff.gz
 bf2186083dd78a633d3cedf1e1cb2fa8351f1384 2886534 phpmyadmin_2.11.8.1-5+lenny7_all.deb
Checksums-Sha256: 
 427df36c48f7a99723c2b0b2db2bee5105438cc47862e3edbbab013108a39e86 1548 phpmyadmin_2.11.8.1-5+lenny7.dsc
 e732bfcf9280436ffae87a6b9ddc2abc440007b5a6524f01751caa499ee772d4 76647 phpmyadmin_2.11.8.1-5+lenny7.diff.gz
 94d47f1bcbefe74d5fa07db8db0f584953dd68dbf0fb00800b30f12f2e3af66b 2886534 phpmyadmin_2.11.8.1-5+lenny7_all.deb
Files: 
 9097f5fd473824a1ba3080fd92a38805 1548 web extra phpmyadmin_2.11.8.1-5+lenny7.dsc
 fccd89eecce9a6a702f3dc16717efbe9 76647 web extra phpmyadmin_2.11.8.1-5+lenny7.diff.gz
 ea278bea0174d7e0706b5432b4dfdec7 2886534 web extra phpmyadmin_2.11.8.1-5+lenny7_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJNHdcgAAoJEOxfUAG2iX57FVMIAIx1QdUqNmuYH/N31MeiYtDJ
VmHAUEEx6vcPevXfb4kgy8EmZcUxmc6itaV31MHbjIAOW/q5CMBc3/Y2ycsJFmmh
NYaROX3y1qKJDXKmBMZP9D/RQ3z9vINAq4d/AR+Tv7Ents1pdwt5xM21Ahjp3uFR
0m98xEWx9YYcA6UTQWRfXi82bQlKoCLUD9rOcavGk6q+WLLwtTHuJGStwronw69Z
3CceLm97VJfsnBUdT4RSG9/PAO6fpZvP0VfbpMamz0Iuyf0tliHPVTSJWgWdnmsO
eJ6RpG9o4tga1PsXRf3cdIIFKDuAZEKnp+sPyMN+HBmvcaa29RPVbI3t1zybTu0=
=6BsD
-----END PGP SIGNATURE-----

Message #37 received at 608290-done@bugs.debian.org (full text, mbox, reply):

From: Michal Čihař <nijel@debian.org>

To: 608290-done@bugs.debian.org

Subject: Closing for experimental as well

Date: Tue, 18 Jan 2011 14:53:15 +0100

[Message part 1 (text/plain, inline)]

Version: 4:3.3.9-2

Forgot to generate longer changes on upload:

phpmyadmin (4:3.3.9-2) experimental; urgency=low

  * Add php5-fpm to list of PHP SAPIs (Closes: #609808, LP: #701997).
  * Incorporate Ubuntu backported patches for security issue.

 -- Michal Čihař <nijel@debian.org>  Tue, 18 Jan 2011 14:44:22 +0100

phpmyadmin (4:3.3.9-1ubuntu1) natty; urgency=low

  * SECURITY UPDATE: Unvalidated input on error page (Closes: #608290,
    LP: #696857)
    - debian/patches/CVE-2010-4480.patch: Don't use a redirect to the
    error page
    - CVE-2010-4480, PMASA-2010-9
  * SECURITY UPDATE: Possible information disclosure of phpinfo (same
    bug) 
    - debian/patches/CVE-2010-4481.patch: Don't skip authentication for
      PMA_MINIMUM_COMMON
    - CVE-2010-4481, PMASA-2010-10

 -- Micah Gersten <micahg@ubuntu.com>  Wed, 05 Jan 2011 23:42:17 -0600


-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com

[signature.asc (application/pgp-signature, attachment)]

Send a report that this bug log contains spam.