Upstream has issued an advisory on September 13:
http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php

Freeze push requested for Cauldron.

Updated packages uploaded for Mageia 3 and Mageia 4.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature (CVE-2014-6300).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300
http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.1.14.4-1.mga3
phpmyadmin-4.1.14.4-1.mga4

from SRPMS:
phpmyadmin-4.1.14.4-1.mga3.src.rpm
phpmyadmin-4.1.14.4-1.mga4.src.rpm
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=12834#c7
Whiteboard: (none) => MGA3TOO has_procedure
Testing complete mga4 64
CC: (none) => stormi
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure MGA4-64-OK
Testing complete mga3 32
Whiteboard: MGA3TOO has_procedure MGA4-64-OK => MGA3TOO has_procedure mga3-32-ok MGA4-64-OK
Testing complete mga3 64
Whiteboard: MGA3TOO has_procedure mga3-32-ok MGA4-64-OK => MGA3TOO has_procedure mga3-32-ok mga3-64-ok MGA4-64-OK
Testing complete mga4 32
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok MGA4-64-OK => MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK
Validating. Advisory uploaded. Could sysadmin please push to 3 & 4 updates? Thanks
Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK => MGA3TOO has_procedure advisory mga3-32-ok mga3-64-ok mga4-32-ok MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0383.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/612813/