svn commit: r415865 - head/security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Wed May 25 21:06:56 UTC 2016
Author: matthew
Date: Wed May 25 21:06:54 2016
New Revision: 415865
URL: https://svnweb.freebsd.org/changeset/ports/415865
Log:
Document two more phpMyAdmin vulnerabilities: PMSA-2016-14 and
PMSA-2016-16.
(For anyone wondering about the suspicious gap in the sequence:
PMSA-2016-15 only affected unreleased code in their git master
development branch)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed May 25 20:56:06 2016 (r415864)
+++ head/security/vuxml/vuln.xml Wed May 25 21:06:54 2016 (r415865)
@@ -58,6 +58,46 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="00ec1be1-22bb-11e6-9ead-6805ca0b3d42">
+ <topic>phpmyadmin -- XSS and sebsitive data leakage</topic>
+ <affects>
+ <package>
+ <name>phpmyadmin</name>
+ <range><ge>4.6.0</ge><lt>4.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpmyadmin development team reports:</p>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-14/">
+ <h2>Description</h2>
+ <p>Because user SQL queries are part of the URL, sensitive
+ information made as part of a user query can be exposed by
+ clicking on external links to attackers monitoring user GET
+ query parameters or included in the webserver logs.</p>
+ <h2>Severity</h2>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ <blockquote cite="https://www.phpmyadmin.net/security/PMASA-2016-16/">
+ <h2>Description</h2>
+ <p>A specially crafted attack could allow for special HTML
+ characters to be passed as URL encoded values and displayed
+ back as special characters in the page.</p>
+ <h2>Severity</h2>
+ <p>We consider this to be non-critical.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-14/</url>
+ <url>https://www.phpmyadmin.net/security/PMASA-2016-16/</url>
+ </references>
+ <dates>
+ <discovery>2016-05-25</discovery>
+ <entry>2016-05-25</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b50f53ce-2151-11e6-8dd3-002590263bf5">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
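Review bot: The `<topic>` of the new phpmyadmin entry misspells "sensitive" as "sebsitive"; it should read `<topic>phpmyadmin -- XSS and sensitive data leakage</topic>`. The commit log also writes the advisory ids as PMSA-2016-14 and PMSA-2016-16, while both `cite` attributes and the `<url>` references use PMASA, so the identifier in the URLs is the one to search on. The `<references>` block carries only the two advisory URLs; if CVE ids have been assigned for these issues, adding them there would make the entry easier to match against other feeds. Finally, `<discovery>` is set to the same day as `<entry>` (2016-05-25), so it is worth confirming that date against the upstream advisories rather than defaulting to the commit date.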