Date: Wed, 25 May 2016 21:06:55 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r415865 - head/security/vuxml Message-ID: <201605252106.u4PL6tff089150@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Wed May 25 21:06:54 2016 New Revision: 415865 URL: https://svnweb.freebsd.org/changeset/ports/415865 Log: Document two more phpMyAdmin vulnerabilities: PMSA-2016-14 and PMSA-2016-16. (For anyone wondering about the suspicious gap in the sequence: PMSA-2016-15 only affected unreleased code in their git master development branch) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed May 25 20:56:06 2016 (r415864) +++ head/security/vuxml/vuln.xml Wed May 25 21:06:54 2016 (r415865) @@ -58,6 +58,46 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42"> + <topic>phpmyadmin -- XSS and sebsitive data leakage</topic> + <affects> + <package> + <name>phpmyadmin</name> + <range><ge>4.6.0</ge><lt>4.6.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpmyadmin development team reports:</p> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-14/"> + <h2>Description</h2> + <p>Because user SQL queries are part of the URL, sensitive + information made as part of a user query can be exposed by + clicking on external links to attackers monitoring user GET + query parameters or included in the webserver logs.</p> + <h2>Severity</h2> + <p>We consider this to be non-critical.</p> + </blockquote> + <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-16/"> + <h2>Description</h2> + <p>A specially crafted attack could allow for special HTML + characters to be passed as URL encoded values and displayed + back as special characters in the page.</p> + <h2>Severity</h2> + <p>We consider this to be non-critical.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.phpmyadmin.net/security/PMASA-2016-14/</url> + <url>https://www.phpmyadmin.net/security/PMASA-2016-16/</url> + </references> + <dates> + <discovery>2016-05-25</discovery> + <entry>2016-05-25</entry> + </dates> + </vuln> + <vuln vid="b50f53ce-2151-11e6-8dd3-002590263bf5"> <topic>mediawiki -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201605252106.u4PL6tff089150>