Date: Fri, 18 Jul 2014 07:02:34 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r362180 - head/security/vuxml Message-ID: <201407180702.s6I72Ydm084644@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Fri Jul 18 07:02:34 2014 New Revision: 362180 URL: http://svnweb.freebsd.org/changeset/ports/362180 QAT: https://qat.redports.org/buildarchive/r362180/ Log: Yet another tranche of phpMyAdmin security alerts. In typical style there has been a software release with warnings that it contains security fixes, but the Security Advisories are not yet available and CVE numbers have not yet been published. Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Jul 18 07:02:18 2014 (r362179) +++ head/security/vuxml/vuln.xml Fri Jul 18 07:02:34 2014 (r362180) @@ -57,6 +57,43 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="3f09ca29-0e48-11e4-b17a-6805ca0b3d42"> + <topic>phpMyAdmin -- multiple XSS vulnerabilities, missing validation</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.2.0</ge><lt>4.2.6</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php">; + <p>XSS injection due to unescaped table comment.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php">; + <p>XSS injection due to unescaped table name (triggers).</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php">; + <p>XSS in AJAX confirmation messages.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php">; + <p>Missing validation for accessing User groups feature.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php</url>; + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php</url>; + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php</url>; + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php</url>; + </references> + <dates> + <discovery>2014-07-18</discovery> + <entry>2014-07-18</entry> + </dates> + </vuln> + <vuln vid="3718833e-0d27-11e4-89db-000c6e25e3e9"> <topic>chromium -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201407180702.s6I72Ydm084644>