{"id":"MGASA-2014-0099","summary":"Updated phpseclib and phpmyadmin packages fix security vulnerability","details":"Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin\nbefore 4.1.7 allows remote authenticated users to inject arbitrary\nweb script or HTML via a crafted filename in an import action\n(CVE-2014-1879).\n\nThis upgrade provides the latest phpmyadmin version (4.1.8) to address\nthis vulnerability.\n\nAdditionally the phpseclib package has been added in Mageia 3 and updated in\nMageia 4, due to new dependencies.\n","modified":"2026-04-16T01:46:10.736626830Z","published":"2014-02-25T21:49:46Z","upstream":["CVE-2014-1879"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0099.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=12834"},{"type":"WEB","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2014:046/"}],"affected":[{"package":{"name":"phpseclib","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/phpseclib?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.5-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0099.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.8-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0099.json"}},{"package":{"name":"phpseclib","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/phpseclib?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.5-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0099.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.8-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0099.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}