Bug#376442: marked as done (phpqladmin: CVE-2006-3301 multiple XSS vulnerabilities)

Mon, 02 Jun 2008 04:59:19 -0700 

Your message dated Mon, 2 Jun 2008 12:54:57 +0100
with message-id <[EMAIL PROTECTED]>
and subject line phpqladmin has been removed from Debian, closing #376442
has caused the Debian Bug report #376442,
regarding phpqladmin: CVE-2006-3301 multiple XSS vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
376442: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=376442
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message --- 
Package: phpqladmin
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2006-3301: "Multiple cross-site scripting (XSS) vulnerabilities in
phpQLAdmin 2.2.7 and earlier allow remote attackers to inject arbitrary
web script or HTML via the domain parameter in (1) user_add.php or (2)
unit_add.php."

The CVE does not link to a patch.  I have not confirmed the
vulnerability.  The original announcement is low on details.

Please mention the CVE in your changelog.

Thanks,

Alec

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEqF/2Aud/2YgchcQRAloaAJ45lDK1BnwxRQDbk63BR7YdgDqgeACggLSv
2lK99Qdo9gSYtkvwHPdEdJ0=
=SBeV
-----END PGP SIGNATURE-----

--- End Message ---
--- Begin Message --- 
Version: 2.2.8-2.1+rm

The phpqladmin package has been removed from Debian testing, unstable and
experimental, so I am now closing the bugs that were still opened
against it.

For more information about this package's removal, read
http://bugs.debian.org/444709 . That bug might give the reasons why
this package was removed, and suggestions of possible replacements.

Don't hesitate to reply to this mail if you have any question.

Thank you for your contribution to Debian.

--
Marco Rodrigues
http://Marco.Tondela.org

--- End Message ---

Reply via email to