File _patchinfo of Package patchinfo.3288
<patchinfo incident="3288">
<issue id="908364" tracker="bnc">VUL-0: CVE-2014-9219: phpMyAdmin: XSS vulnerability in redirection mechanism</issue>
<issue id="908363" tracker="bnc">VUL-0: CVE-2014-9218: phpMyAdmin: DoS vulnerability with long passwords</issue>
<issue id="CVE-2014-9218" tracker="cve" />
<issue id="CVE-2014-9219" tracker="cve" />
<category>security</category>
<rating>moderate</rating>
<packager>AndreasStieger</packager>
<description>
phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8.
This update fixes one vulnerability.
- Security fixes:
* PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
- sf#4611 [security] DOS attack with long passwords
phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)
- Security fixes:
* PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
- sf#4612 [security] XSS vulnerability in redirection mechanism
* PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
- sf#4611 [security] DOS attack with long passwords
- Bugfixes:
- sf#4604 Query history not being deleted
- sf#4057 db/table query string parameters no longer work
- sf#4605 Unseen messages in tracking
- sf#4606 Tracking report export as SQL dump does not work
- sf#4607 Syntax error during db_copy operation
- sf#4608 SELECT permission issues with relations and restricted
access
</description>
<summary>Security update for phpMyAdmin</summary>
</patchinfo>