Your message dated Thu, 04 Sep 2025 12:39:41 +0000
with message-id <[email protected]>
and subject line Bug#1104136: fixed in phpmyadmin 4:5.2.2-really+dfsg-2
has caused the Debian Bug report #1104136,
regarding CVE-2025-3573
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1104136: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104136
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: phpmyadmin
Version: 4:5.2.2-really+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for src:phpmyadmin
CVE-2025-3573[0]:
| Versions of the package jquery-validation before 1.20.0 are
| vulnerable to Cross-site Scripting (XSS) in the showLabel()
| function, which may take input from a user-controlled placeholder
| value. This value will populate a message via $.validator.messages
| in a user localizable dictionary.
phpmyadmin includes embedded jquery-validation.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-3573
https://www.cve.org/CVERecord?id=CVE-2025-3573
[1] https://github.com/jquery-validation/jquery-validation/pull/2462
[2] https://github.com/jquery-validation/jquery-validation/commit/7a490d8f39bd988027568ddcf51755e1f4688902
Please adjust the affected versions in the BTS as needed.
Regards,
rouca
--- End Message ---
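A check for the situation this report describes, an embedded copy of jquery-validation older than 1.20.0, written as an added example (not part of the original message, nor Debian or phpMyAdmin tooling). It reads the version from each file's header comment; the banner format and the file paths used in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# First fixed release according to the CVE-2025-3573 text quoted in the report.
FIXED = (1, 20, 0)

# Assumption: the header comment reads "jQuery Validation Plugin v1.19.5"
# (unminified) or "jQuery Validation Plugin - v1.19.5 - <date>" (minified).
BANNER = re.compile(r"jQuery Validation Plugin\s*-?\s*v(\d+)\.(\d+)\.(\d+)")


def banner_version(text):
    """Return (major, minor, patch) parsed from the banner, or None."""
    m = BANNER.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def scan(root):
    """Return [(path, version, affected)] for every vendored copy under root."""
    found = []
    for path in sorted(Path(root).rglob("*.js")):
        try:
            with path.open("rb") as fh:  # the banner sits at the top of the file
                head = fh.read(4096).decode("utf-8", "replace")
        except OSError:
            continue
        version = banner_version(head)
        if version is not None:
            # Tuple comparison avoids the string trap where "1.9" > "1.20".
            found.append((path, version, version < FIXED))
    return found


def demo():
    """Scan a constructed tree holding one old and one updated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        samples = {  # constructed sample files, not real package contents
            "app/js/jquery.validate.js": "/*!\n * jQuery Validation Plugin v1.19.5\n */",
            "lib/jquery.validate.min.js": "/*! jQuery Validation Plugin - v1.21.0 - x */",
            "lib/unrelated.js": "/*! some other library v1.0.0 */",
        }
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return {p.relative_to(tmp).as_posix(): (v, bad) for p, v, bad in scan(tmp)}
```

Pointing `scan()` at an installed web application's document root lists every bundled copy and whether it predates the fixed release; a copy whose banner has been stripped is not detected.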
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:5.2.2-really+dfsg-2
Done: William Desportes <[email protected]>
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
William Desportes <[email protected]> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 04 Sep 2025 13:39:06 +0200
Source: phpmyadmin
Architecture: source
Version: 4:5.2.2-really+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <[email protected]>
Changed-By: William Desportes <[email protected]>
Closes: 1104136
Changes:
phpmyadmin (4:5.2.2-really+dfsg-2) unstable; urgency=medium
.
[ William Desportes ]
* Update tests patch to run on phpunit 12
* CVE-2025-3573 - Update jquery.validate.js to 1.21.0
This is the version distributed in phpMyAdmin 5.2.2
(Closes: #1104136)
.
[ Spyridon Eftychios Kokotos ]
* Translated using Weblate (Greek)
.
[ Temuri Doghonadze ]
* Added translation using Weblate (Georgian)
* Translated using Weblate (Georgian)
.
[ Chou Chamnan ]
* Added translation using Weblate (Khmer (Central))
* Translated using Weblate (Khmer (Central))
.
[ Eduardo Arroyo Morales ]
* Added translation using Weblate (English (Middle))
--- End Message ---