Comment 8 for bug 162599

William Grant (wgrant) wrote:

phpmyadmin (4:2.9.1.1-2ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting via multiple vectors. (LP: #162599)
  * debian/patches/030_CVE-2007-1395.patch: Match </script> end tag case
    insensitively. Patch from Debian.
  * debian/patches/030_CVE-2007-2245.patch: Correctly sanitise input to
    browse_foreigners.php and PMA_sanitize. Patch from Debian.
  * debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query
    strings in scripts/setup.php. Patch from Debian.
  * debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO
    inputs in a number of places. Patch from Debian.
  * debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed
    on authentication form.
  * References
    CVE-2007-1395
    CVE-2007-2245
    CVE-2007-5386
    CVE-2007-5589
    CVE-2007-6100
    PMASA-2007-4
    PMASA-2007-5
    PMASA-2007-6
    PMASA-2007-8

 -- William Grant <email address hidden> Wed, 28 Nov 2007 00:32:58 +1100