It was found that with a crafted URL, it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin. Upstream patch: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 Upstream advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1170605] Affects: epel-7 [bug 1170606]
phpMyAdmin-4.2.13.1-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.13.1-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.13.1-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.2.13.1-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.