15437 – phpmyadmin new security issue CVE-2015-2206

Bug 15437 - phpmyadmin new security issue CVE-2015-2206

Summary: phpmyadmin new security issue CVE-2015-2206

Status:	RESOLVED FIXED

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	Cauldron
Hardware:	i586 Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:	http://lwn.net/Vulnerabilities/636947/
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-03-05 21:10 CET by David Walser
Modified:	2015-03-16 20:33 CET (History)
CC List:	0 users

See Also:
Source RPM:	phpmyadmin-4.2.13.1-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2015-03-05 21:10:31 CET

Upstream has issued an advisory on March 4:
http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php

Strangely, phpMyAdmin 4.1 is unaffected, while 4.0 is.  I have verified this in the code.  Therefore, Mageia 4 is unaffected.

Updated package committed in Cauldron SVN.  Freeze push requested.

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2015-03-05 21:41:00 CET

Fixed in phpmyadmin-4.2.13.2-1.mga5.

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2015-03-16 20:33:08 CET

URL: (none) => http://lwn.net/Vulnerabilities/636947/

Note You need to log in before you can comment on or make changes to this bug.