[Bug 913846] Re: CVE-2010-4480
Ubuntu Foundation's Bug Bot
913846 at bugs.launchpad.net
Tue Jan 10 08:14:40 UTC 2012
The attachment "CVE-2010-4480.debdiff" of this bug report has been
identified as being a patch in the form of a debdiff. The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff. In the event that this is in
fact not a patch you can resolve this situation by removing the tag
'patch' from the bug report and editing the attachment so that it is not
flagged as a patch. Additionally, if you are member of the ubuntu-
sponsors team please also unsubscribe the team from this bug report.
[This is an automated message performed by a Launchpad user owned by
Brian Murray. Please contact him regarding any issues with the action
taken in this bug report.]
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/913846
Title:
CVE-2010-4480
Status in “phpmyadmin” package in Ubuntu:
New
Bug description:
From http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480:
error.php in PhpMyAdmin 3.3.8.1, and other versions before
3.4.0-beta1, allows remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted BBcode tag containing "@" characters, as
demonstrated using "[a at url@page]".
Attached patch solves the problem, taken from Debian's package.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/913846/+subscriptions
More information about the Ubuntu-sponsors
mailing list