Hello! I have tested the fixes in a virtual machine and here are the
results.
Current version in Impish does not work at all and
1.9.8.2-1ubuntu0.21.10.1 version fixes the problems and is not
vulnerable to the XSS in the newRows parameter.
Current version for Focal is vulnerable and
Hi Nicholas,
We are still awaiting the results of testing for the packages in the
security team PPA...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964710
Title:
XSS vulnerability in row_create
** Changed in: phpliteadmin (Ubuntu)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Impish)
Importance:
This was fixed in Jammy (Ubuntu 22.04 LTS pre-release) in phpliteadmin
1.9.8.2-2, closing that task.
** Changed in: phpliteadmin (Ubuntu Jammy)
Status: New => Fix Released
--
ACK on the debdiffs in comments #1 and #2. I did add the CVE number to
the changelog though, to make it easier to track.
I've uploaded packages to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Could you please give them a try and once
** Also affects: phpliteadmin (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: phpliteadmin (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: phpliteadmin (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects:
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46709
--
** Description changed:
On 21 August 2021, it was publicly reported a little XSS vulnerability
in the phpLiteAdmin script packaged in Ubuntu. The following versions of
the phpliteadmin package are affected.
- * 1.9.8.2-1 echoes GET parameter newRows to HTML with no properly
-
** Patch added: "phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568398/+files/phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff
** Information type changed from Public to Public Security
--
** Patch added: "phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568397/+files/phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff