Debian Bug report logs -
#449103
CVE-2007-5728: Cross-site scripting (XSS) vulnerability
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Sat, 3 Nov 2007 00:48:01 UTC
Severity: important
Tags: security
Fixed in version phppgadmin/4.1.3-0.1
Done: Tobias Klauser <tklauser@access.unizh.ch>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#449103; Package phppgadmin.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Isaac Clerencia <isaac@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: phppgadmin
Severity: important
Tags: security
Hi Isaac
Could you please check, if the following CVE[0] affects the debian
versions?
CVE-2007-5728:
Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, and
possibly 4.1.2, allows remote attackers to inject arbitrary web script
or HTML via certain input available in PHP_SELF in (1) redirect.php,
possibly related to (2) login.php, different vectors than CVE-2007-2865.
Thanks for your efforts.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5728
Information forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#449103; Package phppgadmin.
(full text, mbox, link).
Acknowledgement sent to Nico Golde <nion@debian.org>:
Extra info received and forwarded to list. Copy sent to Isaac Clerencia <isaac@debian.org>.
(full text, mbox, link).
Message #10 received at 449103@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
please just package the current upstream version (4.1.3)
which contains fixes for this.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
[Message part 2 (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Isaac Clerencia <isaac@debian.org>:
Bug#449103; Package phppgadmin.
(full text, mbox, link).
Acknowledgement sent to Tobias Klauser <tklauser@access.unizh.ch>:
Extra info received and forwarded to list. Copy sent to Isaac Clerencia <isaac@debian.org>.
(full text, mbox, link).
Message #15 received at 449103@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
Attached you'll find the NMU diff for phppgadmin 4.1.3-0.1
Cheers, Tobias
[449103-NMU.diff (text/x-diff, attachment)]
[signature.asc (application/pgp-signature, inline)]
Reply sent to Tobias Klauser <tklauser@access.unizh.ch>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #20 received at 449103-close@bugs.debian.org (full text, mbox, reply):
Source: phppgadmin
Source-Version: 4.1.3-0.1
We believe that the bug you reported is fixed in the latest version of
phppgadmin, which is due to be installed in the Debian FTP archive:
phppgadmin_4.1.3-0.1.diff.gz
to pool/main/p/phppgadmin/phppgadmin_4.1.3-0.1.diff.gz
phppgadmin_4.1.3-0.1.dsc
to pool/main/p/phppgadmin/phppgadmin_4.1.3-0.1.dsc
phppgadmin_4.1.3-0.1_all.deb
to pool/main/p/phppgadmin/phppgadmin_4.1.3-0.1_all.deb
phppgadmin_4.1.3.orig.tar.gz
to pool/main/p/phppgadmin/phppgadmin_4.1.3.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 449103@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Klauser <tklauser@access.unizh.ch> (supplier of updated phppgadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Jan 2008 17:52:27 +0100
Source: phppgadmin
Binary: phppgadmin
Architecture: source all
Version: 4.1.3-0.1
Distribution: unstable
Urgency: low
Maintainer: Isaac Clerencia <isaac@debian.org>
Changed-By: Tobias Klauser <tklauser@access.unizh.ch>
Description:
phppgadmin - Set of PHP scripts to administrate PostgreSQL over the WWW
Closes: 449103
Changes:
phppgadmin (4.1.3-0.1) unstable; urgency=low
.
* Non-maintainer upload from the Zurich BSP.
* Fixes cross-site scripting vulnerability (CVE 2007-5728), closes: #449103.
The only changes introduced upstream with this version were to fix this
bug.
Files:
8833eae4bc9ab59ae6c3cdb70e422aaf 588 web extra phppgadmin_4.1.3-0.1.dsc
051ab45cdf2f9cdcd0d95a16fff48094 818934 web extra phppgadmin_4.1.3.orig.tar.gz
02e532c4f4c89667f3d97e233fb83104 13363 web extra phppgadmin_4.1.3-0.1.diff.gz
f506ca58df695730ffe6a162a579a12d 808384 web extra phppgadmin_4.1.3-0.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHik+S+C5cwEsrK54RAjQdAKChsLDxuqvtYerjOXiTyyWKsmGMYACfQbzs
FqGeW1LgYLkKS0rG2G++JBE=
=jw/x
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sun, 17 Feb 2008 07:25:55 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:31:49 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon