Re: stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability

To: Christoph Berg <myon@debian.org>
Cc: debian-release <debian-release@lists.debian.org>
Subject: Re: stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 04 Apr 2012 20:05:52 +0100
Message-id: <[🔎] 1333566352.16478.14.camel@jacala.jungle.funky-badger.org>
In-reply-to: <[🔎] 20120404183643.GA20246@msgid.df7cb.de>
References: <[🔎] 20120404183643.GA20246@msgid.df7cb.de>

Hi,

On Wed, 2012-04-04 at 20:36 +0200, Christoph Berg wrote:
> would you consider this for a stable update?
[...]
> > phppgadmin 5.0.4 includes a fix for a possible XSS vulerability that
> > also affects 4.2.3-1.1squeeze1. There is no bug nor a CVE number, and
> > it is even unclear (to me) if this is exploitable. The patch doesn't
> > break the package, so I thought it might be a good idea to ask you if
> > you want this for a security advisory.
> > 
> > The unstable package 5.0.4-1 is of course already fixed.
> > 
> > Upstream fix:
> > https://github.com/ioguix/phppgadmin/commit/5f8a1f6307f095fb69050cef01109373b88b558e

I'd like to see a full debdiff for final confirmation but based on the
commit link above it looks suitable; thanks for working on fixing this
issue in stable.

Regards,

Adam

Reply to:

Follow-Ups:
- Re: stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
  - From: Christoph Berg <myon@debian.org>

References:
- stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
  - From: Christoph Berg <myon@debian.org>

Prev by Date: Re: iceweasel-l10n-all on mips
Next by Date: Re: iceweasel-l10n-all on mips
Previous by thread: stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
Next by thread: Re: stable update: phppgadmin 4.2.3-1.1squeeze1 possible XSS vulerability
Index(es):
- Date
- Thread