author | matthew <matthew@FreeBSD.org> | 2013-08-04 20:13:50 +0800 |
---|---|---|
committer | matthew <matthew@FreeBSD.org> | 2013-08-04 20:13:50 +0800 |
commit | ccd44088fb319dd8021a9b10bbeeef0bd5975375 (patch) | |
tree | a8bd1cf4f9f79ca4b1ea1b0a7c059654973256ad /security/vuxml | |
parent | d73e754e5ac43682f273991185a8fea4fd2e31af (diff) | |
- Security update of databases/phpmyadmin to 4.0.5
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download
SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- Deprecate databases/phpmyadmin35
This version is vulnerable to the 'clickjacking protection bypass'
problem fixed in 4.0.5, but the development team will not be
publishing a fix. "We have no solution for 3.5.x, due to the proposed
solution requiring JavaScript. We don't want to introduce a dependency
to JavaScript in the 3.5.x family."
Therefore deprecate this port and set expiry for one month. Please
upgrade to 4.0.5 instead.
Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9a596297e76b..e36f33ffc27c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="17326fd5-fcfb-11e2-9bb9-6805ca0b3d42"> + <topic>phpMyAdmin -- clickJacking protection can be bypassed</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>4.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php"> + <p> phpMyAdmin has a number of mechanisms to avoid a + clickjacking attack, however these mechanisms either work + only in modern browser versions, or can be bypassed.</p> + <p>"We have no solution for 3.5.x, due to the proposed + solution requiring JavaScript. We don't want to introduce a + dependency to JavaScript in the 3.5.x family."</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php</url> + </references> + <dates> + <discovery>2013-08-04</discovery> + <entry>2013-08-04</entry> + </dates> + </vuln> + <vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |
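Review bot: the `<affects>` block lists only `<name>phpMyAdmin</name>` with `<range><lt>4.0.5</lt></range>`, while the commit message states that databases/phpmyadmin35 is vulnerable to the same problem and will not receive a fix. If that port installs under a package name other than `phpMyAdmin`, this entry will not match it, and anyone auditing installed packages against vuln.xml gets no warning for 3.5.x before the port expires. Consider adding a second `<package>` element for the 3.5.x package with a range covering every version, since the quoted advisory text says no solution exists for that family. Two smaller points in the same entry: the `<topic>` spells it `clickJacking` while the quoted body uses `clickjacking`, and the first quoted paragraph starts with a stray space after `<p>`. The `<discovery>` date is identical to the `<entry>` date; if the advisory was published earlier, `<discovery>` should carry that date instead.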