*** This bug is a security vulnerability *** Public security bug reported:
in Ubuntu 10.04.3 LTS, Release: 10.04 following phpmyadmin package is used: 4:3.3.2-1, published on 2010-04-16 The maintainers of phpmyadmin report: "[...]Versions 3.4.3.2 and 3.3.10.3 of phpMyAdmin close a total of four security holes in the open source database administration tool. According to the phpMyAdmin developers, the security releases address two "critical" vulnerabilities that could lead to possible session manipulation in swekey authentication or remote code execution. A "serious" bug that could allow an attacker to perform a local file inclusion and a "minor" cross-site scripting (XSS) hole have also been fixed. Versions 3.4.3.1 and earlier are affected. The 2.11.x branch, which reached its end of life earlier this month, is not affected by the session manipulation hole, but may be affected by the others. All users are advised to update to the latest versions. Alternatively, users can apply the provided patches.[...]" See http://www.h-online.com/open/news/item/phpMyAdmin-updates-close- critical-security-holes-1285281.html or phpmyadmin project homepage: http://sourceforge.net/mailarchive/message.php?msg_id=27840904 The new package should be merged. Thank you all ** Affects: phpmyadmin (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/823855 Title: Package update because of security holes needed To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/823855/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
