diff options
| author | matthew <matthew@FreeBSD.org> | 2012-03-29 07:50:41 +0800 |
|---|---|---|
| committer | matthew <matthew@FreeBSD.org> | 2012-03-29 07:50:41 +0800 |
| commit | 92a440db7f24fedf797ac952af69ce50ce44ba5a (patch) | |
| tree | 3462e2ae5d05c992f8365c5f6afec6c0b1d35334 /security/vuxml | |
| parent | f567f60f9e1dbbfecc1fe3b4760604c31a310125 (diff) | |
| download | freebsd-ports-gnome-92a440db7f24fedf797ac952af69ce50ce44ba5a.tar.gz freebsd-ports-gnome-92a440db7f24fedf797ac952af69ce50ce44ba5a.tar.zst freebsd-ports-gnome-92a440db7f24fedf797ac952af69ce50ce44ba5a.zip | |
Another phpmyadmin security update.
ChangeLog:
http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.10.2/phpMyAdmin-3.4.10.2-notes.html/download
Welcome to phpMyAdmin 3.4.10.2, a minor security release.
3.4.10.2 (2012-03-28)
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2
Advisory:
http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
Approved by: shaun (mentor)
Feature safe: yes
Security: a81161d2-790f-11e1-ac16-e0cb4e266481
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8a3b34ca68a4..9518b493c448 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a81161d2-790f-11e1-ac16-e0cb4e266481"> + <topic>phpMyAdmin -- Path disclosure due to missing verification of file presence</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><gt>3.4</gt><lt>3.4.10.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMYAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php"> + <p>The show_config_errors.php scripts did not validate the + presence of the configuration file, so an error message + shows the full path of this file, leading to possible + further attacks. For the error messages to be displayed, + php.ini's error_reporting must be set to E_ALL and + display_errors must be On (these settings are not + recommended on a production server in the PHP manual).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-1902</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php</url> + </references> + <dates> + <discovery>2012-03-28</discovery> + <entry>2012-03-28</entry> + </dates> + </vuln> + <vuln vid="b8f0a391-7910-11e1-8a43-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |