|Main Archive Page > Month Archives > oss-security archives|
Hi Steve, vendors,
on 2010-08-30 phpMyAdmin published PMASA-2010-6 addressing one XSS:
Summary (from ):
XSS attack using debugging messages.
Description (from ):
It was possible to conduct a XSS attack using error messages in PHP backtrace.
Affected versions (from ):
For 3.x: versions before 3.3.6 are affected.
Branch 2.11.x is not affected by this
phpMyAdmin upstream seems to reference CVE-2010-3056 as CVE id to this flaw.
But CVE-2010-3056 was previously assigned to:
which affected both (from ):
For 2.11.x: versions before 184.108.40.206 are affected.
For 3.x: versions before 220.127.116.11 are affected.
so this is different issue and new CVE id should be allocated (due different
Could you please allocate one?
Thanks && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Resposne Team