[SECURITY] [DLA 336-1] phpmyadmin security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 336-1] phpmyadmin security update
From: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 28 Oct 2015 20:55:06 +0100 (CET)
Message-id: <[🔎] 20151028195506.EE8E759DA2@kinkhorst.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : phpmyadmin
Version        : 4:3.3.7-9
CVE ID         : CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902

Several issues have been fixed in phpMyAdmin, the web administration
tool for MySQL.

CVE-2014-8958

    Multiple cross-site scripting (XSS) vulnerabilities.

CVE-2014-9218

    Denial of service (resource consumption) via a long password.

CVE-2015-2206

    Risk of BREACH attack due to reflected parameter.

CVE-2015-3902

    XSRF/CSRF vulnerability in phpMyAdmin setup.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBCAAGBQJWMSgCAAoJEFb2GnlAHawExCcH/3GndkN3P49XdjJrku0SCjfJ
/nUa1WRlwjhEQOYIn5PyYyszlAO7C92nzyvOiFrSa7CklEIwBnjStOBsW5kig2Ps
9FcRqOIRudDQnafNYwDcYdhcJU5JSuzL03+Mj0a87t5Qi3jOqMfR3UYS1x98lTz3
WUjrdc8Ec6My4UKlNTPz/nioyKPfw9G/Sw3/wsptIIB6Q1dVHFV+fZSPYoHIZ02C
Bl6qxhfMCM0pqVKjrHM3duKSm1d76ub8nloEkDNTuUr7dFCTA3pR0ypzRTU/ajoG
y4nKJI/NAOmXlis34luyV98GUMokJCnnq/jlmwXaG2Pz2JTLWgjUb0JteVDWzrY=
=DwPk
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 334-2] libxml2 regression update
Next by Date: [SECURITY] [DLA 335-1] ntp security update
Previous by thread: [SECURITY] [DLA 334-2] libxml2 regression update
Next by thread: [SECURITY] [DLA 335-1] ntp security update
Index(es):
- Date
- Thread