From: Igor Zubkov <icesik@mail.ru>
To: ALT Linux Sisyphus discussion list <sisyphus@lists.altlinux.org>
Subject: [sisyphus] Fwd: [SA22599] phpMyAdmin Unspecified UTF-7 Cross-Site Scripting Vulnerability
Date: Thu, 2 Nov 2006 18:30:50 +0200
Message-ID: <200611021830.56432.icesik@mail.ru> (raw)
[-- Attachment #1: Type: text/plain, Size: 2450 bytes --]
Всё как обычно, пакет отправлен в /i/S/ на сборку.
Так же, собранный пакет лежит --
ftp://ftp.altlinux.org/pub/people/icesik/RPMS/
---------- Пересланное сообщение ----------
Subject: [SA22599] phpMyAdmin Unspecified UTF-7 Cross-Site Scripting
Vulnerability
Date: 1 ноября 2006 19:03
From: Secunia Security Advisories <sec-adv@secunia.com>
To: icesik@mail.ru
----------------------------------------------------------------------
TITLE:
phpMyAdmin Unspecified UTF-7 Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA22599
VERIFY ADVISORY:
http://secunia.com/advisories/22599/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
phpMyAdmin 2.x
http://secunia.com/product/1720/
DESCRIPTION:
A vulnerability has been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting
attacks.
Input containing UTF-7 encoded characters passed to unspecified
parameters is not properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script code
in a user's browser session in context of an affected site.
The vulnerability is reported in versions 2.6.4 through 2.9.0.2.
SOLUTION:
Update to version 2.9.0.3.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Stefan Esser.
ORIGINAL ADVISORY:
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=icesik%40mail.ru
----------------------------------------------------------------------
-------------------------------------------------------
--
Кукрыниксы - Скоро кончится лето
[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]
reply other threads:[~2006-11-02 16:30 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200611021830.56432.icesik@mail.ru \
--to=icesik@mail.ru \
--cc=sisyphus@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Sisyphus discussions
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus/0 sisyphus/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus sisyphus/ http://lore.altlinux.org/sisyphus \
sisyphus@altlinux.ru sisyphus@altlinux.org sisyphus@lists.altlinux.org sisyphus@lists.altlinux.ru sisyphus@lists.altlinux.com sisyphus@linuxteam.iplabs.ru sisyphus@list.linux-os.ru
public-inbox-index sisyphus
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git