Debian Bug report logs - #391090
phpmyadmin: security issue PMASA-2006-5

Package: phpmyadmin; Maintainer for phpmyadmin is Thijs Kinkhorst <>; Source for phpmyadmin is src:phpmyadmin.

Reported by: Laurent Bonnaud <>

Date: Wed, 4 Oct 2006 20:33:02 UTC

Severity: grave

Tags: fixed, security

Found in version phpmyadmin/4:2.8.2-0.2

Fixed in version phpmyadmin/4:

Done: Thijs Kinkhorst <>

Bug is archived. No further changes may be made.

Report forwarded to, Piotr Roszatycki <>:
Bug#391090; Package phpmyadmin.

Acknowledgement sent to Laurent Bonnaud <>:
New Bug report received and forwarded. Copy sent to Piotr Roszatycki <>.

Message #5 received:

From: Laurent Bonnaud <>
To: Debian BTS submission <>
Subject: phpmyadmin: security issue PMASA-2006-5
Date: Wed, 04 Oct 2006 19:36:50 +0200
Package: phpmyadmin
Version: 4:2.8.2-0.2
Severity: grave


The version of phpmyadmin currently in etch and sid is vulnerable to this attack:

Laurent Bonnaud.

Tags added: security. Request was from Filipus Klutiero <>.

Tags added: fixed. Request was from Thijs Kinkhorst <>.

Reply sent to Thijs Kinkhorst <>:
You have taken responsibility.

Notification sent to Laurent Bonnaud <>:
Bug acknowledged by developer.

Message #14 received:

From: Thijs Kinkhorst <>
Subject: Bug#391090: fixed in phpmyadmin 4:
Date: Wed, 11 Oct 2006 07:02:31 -0700
Source: phpmyadmin
Source-Version: 4:

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1_all.deb

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Thijs Kinkhorst <> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Format: 1.7
Date: Wed, 11 Oct 2006 14:46:37 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <>
Changed-By: Thijs Kinkhorst <>
 phpmyadmin - Administrate MySQL over the WWW
Closes: 357972 374918 377748 378681 382139 385365 385889 390484 391090
 phpmyadmin (4: unstable; urgency=low
   * New maintainer, thanks Piotr for your previous work!
   * Acknowledge NMU's, thanks Steinar! (Closes: #378681)
   * Fix typo in debconf templates and unfuzzy that.
   * Tweak package description.
 phpmyadmin (4: unstable; urgency=high
   * Non-maintainer upload with maintainer consent.
   * Upgrade to latest upstream version to battle cross-site
     request forgery (PMASA-2006-5, CVE-2006-5116, CVE-2006-5117,
     closes: 391090).
   * New upstream also fixes broken database export functionality
     (closes: 374918) and database/table copy (closes: 390484).
   * Update translations:
     - Danish by Claus Hindsgaul (Closes: 357972).
     - Italian by Luca Monducci (Closes: 382139).
     - Spanish by Nacho Barrientos Arias (Closes: 385365).
 phpmyadmin (4:2.8.2-0.2) unstable; urgency=medium
   * Non-maintainer upload.
   * Fix issue with /var/www pointing to /usr/share/phpmyadmin.
     (Closes: #385889)
     * Make sure we install /var/www as a directory, since we make a symlink into
       it and we can't rely on it being there.
     * Explicitly link to /var/www/phpmyadmin instead of /var/www, to make sure
       we don't make a new /var/www even if it should be removed for some
 phpmyadmin (4:2.8.2-0.1) unstable; urgency=high
   * Non-maintainer upload.
   * New upstream release.
     * Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748)
 f04e499e4cd8bbea1bf9acd2c3ebc536 638 web extra phpmyadmin_2.9.0.2-1.dsc
 e8776c4ec0bccaffadad0066caf42473 40920 web extra phpmyadmin_2.9.0.2-1.diff.gz
 cc3dcd590a8c9f949089f992e3ddf138 3565720 web extra phpmyadmin_2.9.0.2-1_all.deb


Bug archived. Request was from Debbugs Internal Request <> (Wed, 27 Jun 2007 02:30:53 GMT).

Debian bug tracking system administrator <>. Last modified: Thu Apr 17 18:46:31 2014; Machine Name:
