Bug 333661 (CVE-2007-5589)

Summary: phpMyAdmin 2.11.1.2 is released (fixes CVE-2007-5386, CVE-2007-5589)
Product: [Fedora] Fedora Reporter: Robert Scheck <redhat-bugzilla>
Component: phpMyAdminAssignee: Mike McGrath <mmcgrath>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: low    
Version: 8CC: lkundrak, thoger
Target Milestone: ---Keywords: Reopened, Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
Whiteboard:
Fixed In Version: 2.11.2.2-1.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-22 03:34:28 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 299831    
Bug Blocks:    

Description Robert Scheck 2007-10-16 07:48:09 UTC 
Description of problem:
PhpMyAdmin 2.11.1.1 was released on October 15th, 2007 and Fedora Development 
hangs still around the older 2.11.0. And the release 2.11.1.1 fixes a security 
issue: PMASA-2007-5

Version-Release number of selected component (if applicable):
phpMyAdmin-2.11.0-1

Expected results:
phpMyAdmin-2.11.1.1-1 or newer ;-)

Additional info:
A simple version bump did the trick for me.
Comment 1 Tomas Hoger 2007-10-18 07:55:04 UTC 
phpMyAdmin 2.11.1.2 was released with another fix for XSS issue:

http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
Comment 2 Tomas Hoger 2007-10-18 07:59:50 UTC 
PMASA-2007-5 has CVE name CVE-2007-5386

Relevant SVN commits:

PMASA-2007-5
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10748
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10749

PMASA-2007-6
http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=10796
Comment 3 Robert Scheck 2007-10-18 17:31:26 UTC 
Tomas, thank you for updating this report.
Comment 4 Tomas Hoger 2007-10-22 11:18:05 UTC 
PMASA-2007-5 has CVE name CVE-2007-5386
PMASA-2007-6 has CVE name CVE-2007-5589
Comment 5 Robert Scheck 2007-10-29 10:19:45 UTC 
http://cvs.fedoraproject.org/viewcvs/devel/phpMyAdmin/
phpMyAdmin.spec?rev=1.12&view=markup
Comment 6 Fedora Update System 2007-10-29 19:07:38 UTC 
phpMyAdmin-2.11.1.2-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Mike McGrath 2007-10-29 19:15:34 UTC 
Grr bodhi
Comment 8 Fedora Update System 2007-11-01 21:23:04 UTC 
phpMyAdmin-2.11.2-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Lubomir Kundrak 2007-11-01 23:33:22 UTC 
And reopening this once again, to track this for F8 and not forget an update
once Werewolf is Gold.
Comment 10 Lubomir Kundrak 2007-11-09 18:38:30 UTC 
Mike: It seems that you have not updated Fedora 8 yet. Please do the update as
soon as possible.
Comment 12 Fedora Update System 2007-11-22 03:34:18 UTC 
phpMyAdmin-2.11.2.2-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2007-11-22 03:37:27 UTC 
phpMyAdmin-2.11.2.2-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.