Bug 1125264 (CVE-2014-4955)

Summary: CVE-2014-4955 phpMyAdmin: self-XSS due to unescaped HTML output in database triggers page (PMASA-2014-5)
Product: [Other] Security Response
Reporter: Vasyl Kaigorodov <vkaigoro>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: ccoleman, dmcphers, jialiu, jokerman, jrusnack, kseifried, lmeyer, mmccomas, mmcgrath
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Fixed In Version: phpMyAdmin 4.0.10.1
Doc Type: Bug Fix
Last Closed: 2014-09-07 04:32:09 UTC
Bug Blocks: 1125268    

Description Vasyl Kaigorodov 2014-07-31 13:12:06 UTC
phpMyAdmin upstream released an advisory [1] which fixes XSS in phpMyAdmin versions 4.0.x.
The upstream commit that fixes this issue can be found at [2].

[1]: http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
[2]: https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a

Comment 1 Kurt Seifried 2014-09-07 04:32:09 UTC
This issue has been deferred.