The branch, master has been updated
       via  ed7fc69cfb5cfea1ed3086a303672813108ac474 (commit)
      from  edf479236124f733e845988fcdfaf64aada325fe (commit)


- Log -----------------------------------------------------------------
commit ed7fc69cfb5cfea1ed3086a303672813108ac474
Author: Marc Delisle <[email protected]>
Date:   Mon Jul 25 12:44:14 2011 -0400

    Update for PMASA-2011-12

-----------------------------------------------------------------------

Summary of changes:
 templates/security/PMASA-2011-12 |    9 +++++----
 1 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/templates/security/PMASA-2011-12 b/templates/security/PMASA-2011-12
index ed27796..7405881 100644
--- a/templates/security/PMASA-2011-12
+++ b/templates/security/PMASA-2011-12
@@ -11,16 +11,16 @@ PMASA-2011-12
 </py:def>
 
 <py:def function="announcement_updated">
-2011-07-24
+2011-07-25
 </py:def>
 
 <py:def function="announcement_summary">
-Possible session manipulation in swekey authentication.
+Possible superglobal and local variables manipulation in swekey authentication.
 </py:def>
 
 <py:def function="announcement_description">
-It was possible to manipulate the PHP session superglobal using some of the 
Swekey authentication code.
-This is very similar to PMASA-2011-5. 
+It was possible to manipulate the PHP superglobals (including SESSION) using 
some of the Swekey authentication code. Also, variables local to the affected 
Swekey function were at risk.
+This is similar to PMASA-2011-5. 
 </py:def>
 
 <py:def function="announcement_severity">
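Review bot: In announcement_description, the added sentence "variables local to the affected Swekey function were at risk" names neither the function nor what could happen to those variables, so a reader cannot tell what the exposure is. Suggest stating the effect in the same terms as the first sentence ("manipulate"). Also consider writing the superglobal as $_SESSION rather than "SESSION", so it matches the PHP name. With "very similar" softened to "similar", a short clause here on how this differs from PMASA-2011-5 would help. The only stated difference is currently in announcement_mitigation.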
@@ -28,6 +28,7 @@ We consider this vulnerability to be critical.
 </py:def>
 
 <py:def function="announcement_mitigation">
+The Swekey authentication mechanism must be activated (which is not a 
requirement in the case of PMASA-2011-5).
 </py:def>
 
 <py:def function="announcement_affected">
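Review bot: The line added under announcement_mitigation describes a precondition for the issue, not a mitigation, and "The Swekey authentication mechanism must be activated" can be read as an instruction to turn Swekey on. Suggest rewording it along the lines of "Only installations where Swekey authentication is activated are affected (unlike PMASA-2011-5)", and keeping the mitigation section for what an administrator should do.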


hooks/post-receive
-- 
phpMyAdmin website

_______________________________________________
Phpmyadmin-git mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-git
