[Bug 392324] Re: CVE-2009-1285: Insufficient output sanitizing when generating configuration file
Launchpad Bug Tracker
392324 at bugs.launchpad.net
Mon Oct 26 21:03:21 UTC 2009
This bug was fixed in the package phpmyadmin - 4:3.1.2-1ubuntu0.2
---------------
phpmyadmin (4:3.1.2-1ubuntu0.2) jaunty-security; urgency=low

  * SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter special
      characters in db_operations.php and db_structure.php.
    - CVE-2009-3696
  * SECURITY UPDATE: SQL injection via PDF schema generator functionality
    (LP: #450505)
    - debian/patches/046-security-CVE-2009-3696-3697.dpatch: filter and
      escape special characters in pdf_pages.php and pmd_pdf.php.
    - CVE-2009-3697
  * SECURITY UPDATE: code injection via configuration files (LP: #392324)
    - Previous patch for CVE-2009-1285 was incomplete
    - debian/patches/045-security-CVE-2009-1285-2.dpatch: do not allow user
      to modify php code before saving in setup/frames/config.inc.php and
      setup/config.php.
    - CVE-2009-1285

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Mon, 26 Oct 2009 08:55:07 -0400

** Changed in: phpmyadmin (Ubuntu Jaunty)
       Status: Triaged => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3696

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3697

--
CVE-2009-1285: Insufficient output sanitizing when generating configuration file
https://bugs.launchpad.net/bugs/392324