Nom du paquet
phpmyadmin
Date
2014-02-21
Advisory ID
MDVSA-2014:046
Affected versions
MES5 i586 , MBS1 x86_64 , MES5 x86_64

Problem description

A vulnerability has been discovered and corrected in phpmyadmin:

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin
before 4.1.7 allows remote authenticated users to inject arbitrary
web script or HTML via a crafted filename in an import action
(CVE-2014-1879).

This upgrade provides the latest phpmyadmin version (4.1.7) to address
this vulnerability.

Additionally phpseclib packages has been added due to new dependencies.

Updated packages

MES5 i586

 c263bd5b965453ba650bb81a711768eb  mes5/i586/phpmyadmin-4.1.7-0.1mdvmes5.2.noarch.rpm
 defc507ff8600e6188b7e405ea0bb008  mes5/i586/phpseclib-0.3.5-0.1mdvmes5.2.noarch.rpm 
 3774e20f2f2f66c79986b4882781b82f  mes5/SRPMS/phpmyadmin-4.1.7-0.1mdvmes5.2.src.rpm
 2243c59f2967dcb463ea444569013862  mes5/SRPMS/phpseclib-0.3.5-0.1mdvmes5.2.src.rpm

MBS1 x86_64

 385122f1d627a1107ab0bb93cd343984  mbs1/x86_64/phpmyadmin-4.1.7-1.mbs1.noarch.rpm
 a27ce27fa10c5750558198f78aaf6626  mbs1/x86_64/phpseclib-0.3.5-1.mbs1.noarch.rpm 
 f8a14ae4521da88c222fae2c4f2d409b  mbs1/SRPMS/phpmyadmin-4.1.7-1.mbs1.src.rpm
 7dadbad52a3e80ce9b6dc294db313202  mbs1/SRPMS/phpseclib-0.3.5-1.mbs1.src.rpm

MES5 x86_64

 dbc67b08ffc4c7a25a27d092e2bff4eb  mes5/x86_64/phpmyadmin-4.1.7-0.1mdvmes5.2.noarch.rpm
 7e740e3937991151e80fea25f8747a5b  mes5/x86_64/phpseclib-0.3.5-0.1mdvmes5.2.noarch.rpm 
 3774e20f2f2f66c79986b4882781b82f  mes5/SRPMS/phpmyadmin-4.1.7-0.1mdvmes5.2.src.rpm
 2243c59f2967dcb463ea444569013862  mes5/SRPMS/phpseclib-0.3.5-0.1mdvmes5.2.src.rpm

References