[Bug 913846] Re: CVE-2010-4480
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jan 16 18:00:04 UTC 2012
Whoops, forgot the LP tag in the changelog. Closing this bug manually.
** Changed in: phpmyadmin (Ubuntu Lucid)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/913846
Title:
CVE-2010-4480
Status in “phpmyadmin” package in Ubuntu:
Fix Released
Status in “phpmyadmin” source package in Lucid:
Fix Released
Bug description:
From http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4480:
error.php in PhpMyAdmin 3.3.8.1, and other versions before
3.4.0-beta1, allows remote attackers to conduct cross-site scripting
(XSS) attacks via a crafted BBcode tag containing "@" characters, as
demonstrated using "[a@url@page]".
Attached patch solves the problem, taken from Debian's package.