Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE Request: Self-XSS in phpmyadmin fixed in 3.5.8
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 09 Apr 2013 11:17:07 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/09/2013 06:01 AM, Salvatore Bonaccorso wrote:
Hi Kurt

New phpMyAdmin release (3.5.8) contains the following changelog
entry:

3.5.8.0 (2013-04-08) - bug #3828 MariaDB reported as MySQL - bug
#3854 Incorrect header for Safari 6.0 - bug #3705 Attempt to open
trigger for edit gives NULL - Use HTML5 DOCTYPE - [security]
Self-XSS on GIS visualisation page, reported by Janek Vind - bug
#3800 Incorrect keyhandler behaviour #2

refering to a XSS vulnerability on the GIS visualisation page. [1]
is the reference by Janek Vind, upstream commit afaics [2].

[1]: http://seclists.org/fulldisclosure/2013/Apr/100 [2]:
https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a

 Could a CVE be assigned to this issue?

Regards, Salvatore

Please use CVE-2013-1937 for this issue (perfect CVE request BTW,
thanks!).


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRZE0SAAoJEBYNRVNeJnmTO5wQAKWUZnBtTi5F/xp0cakFX2rK
0NBhcT4NOAxJBdXcUDIAFHb2yfHLvYgTTjrIrSI10Rv+vEl594h51nzYaL427xVJ
RmKc0Na86bvBd/UxMxXidE1sHb+bqSNAAWEw4UKd/+WHVyTc6BlzPpsVuU+chRI6
rQ+Iq0+8YWNqXYsRtHnLTEjdZ0B2PiPZGwu+bNA1j30BbXEz/mb6uJWLhCouBJvK
7w2gan8YMOa7g7JWg+eF0HIdJ2xLHzDxHKN2mAYt6U/t4t0W0ewsTcc61YvoAqx7
5IWoMcMq7g897Qayg0gbWsVVEQkKbQVLxpkklhn2PW3elai7LeOXcc5ZEAOqut9h
Mhn0ZU4i9X1fIVFmKnbCERQ2aX5cCZKiWsm7k3TwrzlaevU9zK9hgM0dfZGeAc8E
kSImV4ATW2AiO0KLBUepEB+FK00x8IvXzvlviIdVaNebvy9BdHIB2Br146tkVPQ9
eycb8gQDP+1P6IpA9iBQRTmQ2pBqlNXpc3pO156yDrQXAgBL8AW0q23lrjXI7iU8
Zni4c5sPjZNqCZoDUYMyovDwOit5OZpxxFa9tNqSnfHFxQdVgjViwJQj9GEmsSdV
m2k/c+MQkEoyxUIFAzVOnpFtwmTpeHCfMrKZES1dVNn6kkfGW0frU2DbVJFuDvYH
ANAayFplBv1LGSw03HBC
=M3k7
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]