Debian: DSA-2286-1: phpmyadmin security update
Summary
CVE-2011-2505
Possible session manipulation in Swekey authentication.
CVE-2011-2506
Possible code injection in setup script, in case session
variables are compromised.
CVE-2011-2507
Regular expression quoting issue in Synchronize code.
CVE-2011-2508
Possible directory traversal in MIME-type transformation.
CVE-2011-2642
Cross site scripting in table Print view when the attacker can
create crafted table names.
No CVE name yet
Possible superglobal and local variables manipulation in
Swekey authentication. (PMASA-2011-12)
The oldstable distribution (lenny) is only affected by CVE-2011-2642,
which has been fixed in version 2.11.8.1-5+lenny9.
For the stable distribution (squeeze), these problems have been fixed
in version 3.3.7-6.
For the testing distribution (wheezy) and unstable distribution (sid),
these problems have been fixed in version 3.4.3.2-1.
We recommend that you upgrade your phpymadmin packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org