Viewing all changes in revision 15.
- Committer: Bazaar Package Importer
- Date: 2007-11-28 00:32:58 UTC
- Revision ID: james.westby@ubuntu.com-20071128003258-hnhl1w138pi3ymmo
* SECURITY UPDATE: Cross-site scripting via multiple vectors. (LP: #162599)
* debian/patches/030_CVE-2007-1395.patch: Match </script> end tag case
insensitively. Patch from Debian.
* debian/patches/030_CVE-2007-2245.patch: Correctly sanitise input to
browse_foreigners.php and PMA_sanitize. Patch from Debian.
* debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query
strings in scripts/setup.php. Patch from Debian.
* debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO
inputs in a number of places. Patch from Debian.
* debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed
on authentication form.
* References
CVE-2007-1395
CVE-2007-2245
CVE-2007-5386
CVE-2007-5589
CVE-2007-6100
PMASA-2007-4
PMASA-2007-5
PMASA-2007-6
PMASA-2007-8
* debian/patches/030_CVE-2007-1395.patch: Match </script> end tag case
insensitively. Patch from Debian.
* debian/patches/030_CVE-2007-2245.patch: Correctly sanitise input to
browse_foreigners.php and PMA_sanitize. Patch from Debian.
* debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query
strings in scripts/setup.php. Patch from Debian.
* debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO
inputs in a number of places. Patch from Debian.
* debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed
on authentication form.
* References
CVE-2007-1395
CVE-2007-2245
CVE-2007-5386
CVE-2007-5589
CVE-2007-6100
PMASA-2007-4
PMASA-2007-5
PMASA-2007-6
PMASA-2007-8
expand all
collapse all
added
removed
