[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <241062814.111731263252787945.JavaMail.root@zmail01.collab.prod.int.phx2.redhat.com>
Date: Mon, 11 Jan 2010 18:33:07 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley <coley@...re.org>
Subject: Re: CVE Request: phpMyAdmin
Steve,
I'm going to defer this one to you for CVE assignment so you can dish out 2009 and 2008 ids for these.
Thanks.
--
JB
----- "Ludwig Nussel" <ludwig.nussel@...e.de> wrote:
> Hi,
>
> phpMyAdmin 2.11.10 was released with security fixes according to the
> changelog:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MAINT_2_11_10/phpMyAdmin/ChangeLog?revision=13152&view=markup
>
> unserialize fix:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
>
> the temporary file issues seem to be from 2008 but were not released
> so far:
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
> http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
>
> cu
> Ludwig
>
> --
> (o_ Ludwig Nussel
> //\
> V_/_ http://www.suse.de/
> SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
