This bug was fixed in the package phpmyadmin - 4:3.1.2-1ubuntu0.2

---------------
phpmyadmin (4:3.1.2-1ubuntu0.2) jaunty-security; urgency=low

  * SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
      characters in db_operations.php and db_structure.php.
    - CVE-2009-3696
  * SECURITY UPDATE: SQL injection via PDF schema generator functionality
    (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
      escape special characters in pdf_pages.php and pmd_pdf.php.
    - CVE-2009-3697
  * SECURITY UPDATE: code injection via configuration files (LP: #392324)
    - Previous patch for CVE-2009-1285 was incomplete
    - debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
      to modify php code before saving in setup/frames/config.inc.php and
      setup/config.php.
    - CVE-2009-1285

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Mon, 26 Oct 2009 08:55:07 -0400

** Changed in: phpmyadmin (Ubuntu Jaunty)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3696

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3697

--
CVE-2009-1285: Insufficient output sanitizing when generating configuration file
https://bugs.launchpad.net/bugs/392324
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs