Hello! I have tested the fixes in a virtual machine and here are the
results.
Current version in Impish does not work at all and
1.9.8.2-1ubuntu0.21.10.1 version fixes the problems and is not
vulnerable to the XSS in the newRows parameter. 👍
Current version for Focal is vulnerable and 1.9.8.2-1ub
Hi Nicholas,
We are still awaiting the results of testing for the packages in the
security team PPA...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1964710
Title:
XSS vulnerability in row_create
** Changed in: phpliteadmin (Ubuntu)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Bionic)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: phpliteadmin (Ubuntu Impish)
Importance: Undecide
This was fixed in Jammy (Ubuntu 22.04 LTS pre-release) in phpliteadmin
1.9.8.2-2, closing that task.
** Changed in: phpliteadmin (Ubuntu Jammy)
Status: New => Fix Released
ACK on the debdiffs in comments #1 and #2. I did add the CVE number to
the changelog though, to make it easier to track.
I've uploaded packages to the security team PPA here:
https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages
Could you please give them a try and once th
** Also affects: phpliteadmin (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: phpliteadmin (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: phpliteadmin (Ubuntu Jammy)
Importance: Undecided
Status: New
** Also affects: phpliteadmi
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-46709
** Description changed:
On 21 August 2021, it was publicly reported a little XSS vulnerability
in the phpLiteAdmin script packaged in Ubuntu. The following versions of
the phpliteadmin package are affected.
- * 1.9.8.2-1 echoes GET parameter newRows to HTML with no properly
-escaping
** Patch added: "phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff"
https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568398/+files/phpliteadmin_1.9.7.1-1ubuntu0.2.debdiff
** Information type changed from Public to Public Security
** Patch added: "phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff"
https://bugs.launchpad.net/ubuntu/+source/phpliteadmin/+bug/1964710/+attachment/5568397/+files/phpliteadmin_1.9.8.2-1ubuntu0.20.04.1.debdiff