phpmyadmin (4:3.1.2-1ubuntu0.1) jaunty-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via directory traversal in
    bs_disp_as_mime_type.php
    - debian/patches/041-security-CVE-2009-1148.dpatch: check parameters
      before using in bs_disp_as_mime_type.php.
    - CVE-2009-1148
  * SECURITY UPDATE: arbitrary HTTP header injection via CRLF injection in
    bs_disp_as_mime_type.php
    - Fixed in the CVE-2009-1148 patch
    - CVE-2009-1149
  * SECURITY UPDATE: code injection via multiple cross-site scripting
    vulnerabilities in display_export.lib.php
    - debian/patches/042-security-CVE-2009-1150.dpatch: strip special chars
      in libraries/display_export.lib.php.
    - CVE-2009-1150
  * SECURITY UPDATE: code injection via configuration files
    - debian/patches/043-security-CVE-2009-1285.dpatch: clean up key names
      in setup/lib/ConfigFile.class.php.
    - CVE-2009-1285
  * SECURITY UPDATE: code injection via cross-site scripting from crafted
    SQL bookmark
    - debian/patches/044-security-CVE-2009-2284.dpatch: strip special
      characters in libraries/common.lib.php and sql.php.
    - CVE-2009-2284

 -- Marc Deslauriers <email address hidden>   Sun, 05 Jul 2009 09:50:12 -0400