[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 11 Jan 2010 18:33:07 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: phpMyAdmin
Steve,
I'm going to defer this one to you for CVE assignment so you can dish out 2009 and 2008 ids for these.
Thanks.
--
JB
----- "Ludwig Nussel" <ludwig.nussel@...e.de> wrote:
> Hi,
>
> phpMyAdmin 2.11.10 was released with security fixes according to the
> changelog:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_10/phpMyAdmin/ChangeLog?revision=13152&view=markup
>
> unserialize fix:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
>
> the temporary file issues seem to be from 2008 but were not released
> so far:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
>
> cu
> Ludwig
>
> --
> (o_ Ludwig Nussel
> //\
> V_/_ http://www.suse.de/
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
