UbuntuUpdates.org

Package "phpliteadmin-themes"

Name: phpliteadmin-themes

Description:

web-based SQLite database admin tool - themes
Latest version: 1.9.7.1-1ubuntu0.3
Release: bionic (18.04)
Level: security
Repository: universe
Head package: phpliteadmin
Homepage: https://www.phpliteadmin.org/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "phpliteadmin-themes"

All arch deb package
APT INSTALL

Other versions of "phpliteadmin-themes" in Bionic

Repository Area Version
updates universe 1.9.7.1-1ubuntu0.3

Changelog

Version: 1.9.7.1-1ubuntu0.3 2022-08-08 12:06:20 UTC

  phpliteadmin (1.9.7.1-1ubuntu0.3) bionic-security; urgency=medium

  * SECURITY UPDATE: cross-site scripting (LP: #1964710)
    - debian/patches/Fix-post-num-XSS.patch:
      Forcibly cast input value to integer. Original fix.
    - CVE-2021-46709
  * Update PHP version to 7.2 in a directive comment for a2enconf(8).

 -- Nicholas Guriev <email address hidden> Sun, 22 May 2022 22:24:22 +0300
Source diff to previous version
1964710 XSS vulnerability in row_create
CVE-2021-46709 phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).

Version: 1.9.7.1-1ubuntu0.1 2018-05-02 00:06:40 UTC

  phpliteadmin (1.9.7.1-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: authentication bypass (LP: #1767723)
    - debian/patches/Fix-authentication-bypass.patch:
      replace == with === in password comparation in
      classes/Authorization.php. Based on upstream commit
    - CVE-2018-10362

 -- Nicholas Guriev <email address hidden> Sat, 28 Apr 2018 00:14:25 +0300
1767723 CVE-2018-10362: Authentication bypass
CVE-2018-10362 An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to loose comparison with '==' instead of '===' in classes/Authorization.php for th


About   -   Send Feedback to @ubuntu_updates