Upstream issued an advisory on February 20:
https://www.phpmyadmin.net/security/PMASA-2018-1/
phpMyAdmin 4.7.8 has been released, fixing this issue:
https://www.phpmyadmin.net/news/2018/2/20/security-fix-phpmyadmin-478-released/
Mageia 6 is also affected.
Status comment: (none) => Fixed upstream in 4.7.8
Whiteboard: (none) => MGA6TOO
Thanks for the report. Version 4.7.8 submitted to cauldron and MGA6.
Assignee: lists.jjorge => qa-bugs
CC: (none) => lists.jjorge
Status: NEW => ASSIGNED
Mageia 6 update hasn't been pushed yet.
Assignee: qa-bugs => lists.jjorge
Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)
Assignee: lists.jjorge => qa-bugs
(In reply to David Walser from comment #2)
> Mageia 6 update hasn't been pushed yet.
You are right, now it is pushed.
Advisory:
========================

Updated phpmyadmin package fixes security vulnerability:

A self-cross site scripting (XSS) vulnerability has been reported relating to the central columns feature (CVE-2018-7260).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260
https://www.phpmyadmin.net/security/PMASA-2018-1/
https://www.phpmyadmin.net/files/4.7.8/
https://www.phpmyadmin.net/news/2018/2/20/security-fix-phpmyadmin-478-released/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.7.8-1.mga6

from phpmyadmin-4.7.8-1.mga6.src.rpm
Advisory uploaded.
Keywords: (none) => advisory
Testing M6/64 AFTER update to:
phpmyadmin-4.7.8-1.mga6
http://localhost/phpmyadmin
Chose UK English language at login, created a database, one table, 4 different fields, first made unique & index, inserted rows, edited data, deleted by row, deleted table, deleted the DB.
All looks OK, so OKing & validating the update as it has nothing to do with the current Qt update.
Keywords: (none) => validated_update
Whiteboard: (none) => MGA6-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0156.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED