Package: phpmyadmin
Version: 3:2.6.1-1
Severity: critical
Tags: security

New upstream version addresses several file include and XSS issues; see
http://securityreason.com/adv/phpmyadmin_2.6.1_remote_file_inclusion_and_xss_cxib8o3.4.txt

Also it may be worth considering switching register_globals to Off in /usr/share/phpmyadmin/.htaccess - it should have been safe for phpmyadmin for 1-2 years already. This would also have stopped some of the XSS issues that popped up this time.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-s0p2-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages phpmyadmin depends on:
ii  apache2                     2.0.53-4   next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd] 2.0.53-4   traditional model for Apache2
ii  debconf                     1.4.30.11  Debian configuration management sy
ii  php4                        4:4.3.10-7 server-side, HTML-embedded scripti
ii  php4-mysql                  4:4.3.10-7 MySQL module for php4
ii  ucf                         1.14       Update Configuration File: preserv

-- debconf information:
* phpmyadmin/reconfigure-webserver: apache, apache-ssl, apache-perl, apache2
* phpmyadmin/restart-webserver: false