Message-ID: <20130409120124.GA13964@elende>
Date: Tue, 9 Apr 2013 14:01:24 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Subject: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8

Hi Kurt

New phpMyAdmin release (3.5.8) contains the following changelog entry:

3.5.8.0 (2013-04-08)
- bug #3828 MariaDB reported as MySQL
- bug #3854 Incorrect header for Safari 6.0
- bug #3705 Attempt to open trigger for edit gives NULL
- Use HTML5 DOCTYPE 
- [security] Self-XSS on GIS visualisation page, reported by Janek Vind
- bug #3800 Incorrect keyhandler behaviour #2

referring to an XSS vulnerability on the GIS visualisation page. [1] is
the reference by Janek Vind, upstream commit afaics [2].

 [1]: http://seclists.org/fulldisclosure/2013/Apr/100
 [2]: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a

Could a CVE be assigned to this issue?

Regards,
Salvatore
