OSV:DSA-1207-1

phpmyadmin

Published: 2006-11-09
Source: Google (osv.dev)

CVSS2: 6.8 Medium

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The phpmyadmin update in DSA 1207 introduced a regression. This update
corrects this flaw. For completeness, please find below the original
advisory text:

> Several remote vulnerabilities have been discovered in phpMyAdmin, a
> program to administrate MySQL over the web. The Common Vulnerabilities
> and Exposures project identifies the following problems:
>
> * CVE-2005-3621
>   CRLF injection vulnerability allows remote attackers to conduct
>   HTTP response splitting attacks.
> * CVE-2005-3665
>   Multiple cross-site scripting (XSS) vulnerabilities allow remote
>   attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST
>   variable and (2) various scripts in the libraries directory that
>   handle header generation.
> * CVE-2006-1678
>   Multiple cross-site scripting (XSS) vulnerabilities allow remote
>   attackers to inject arbitrary web script or HTML via scripts in the
>   themes directory.
> * CVE-2006-2418
>   A cross-site scripting (XSS) vulnerability allows remote attackers
>   to inject arbitrary web script or HTML via the db parameter of
>   footer.inc.php.
> * CVE-2006-5116
>   A remote attacker could overwrite internal variables through the
>   _FILES global variable.

For the stable distribution (sarge) these problems have been fixed in
version 2.6.2-3sarge3.

For the upcoming stable release (etch) and unstable distribution (sid)
these problems have been fixed in version 2.9.0.3-1.

We recommend that you upgrade your phpmyadmin package.
