phpMyAdmin 3.4.8 was released to correct the following security flaws [1]: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the view creation dialog. Using a crafted column type, it was possible to produce XSS in the table search and create index dialogs. Only phpMyAdmin 3.4.x is affected by this vulnerability. [1] http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php
Created phpMyAdmin tracking bugs for this issue Affects: fedora-all [bug 767668] Affects: epel-6 [bug 767670]
Created phpMyAdmin3 tracking bugs for this issue Affects: epel-5 [bug 767669]
phpMyAdmin-3.4.8-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.4.8-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-3.4.8-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin3-3.4.8-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.