Announcement-ID: PMASA-2017-2
Date: 2017-01-24
php-gettext code execution
The php-gettext library can suffer from a code execution vulnerability. However, there is no way to trigger this inside phpMyAdmin.
We consider this to be minor.
phpMyAdmin is not vulnerable; we're just fixing a bug in an embedded library which can not be exploited within phpMyAdmin.
Upgrade to phpMyAdmin 4.6.6, 4.4.15.10, or 4.0.10.19 or newer or apply patch listed below.
The issue in phpMyAdmin codebase was spotted by Michal Čihař, the original issue has been fixed in php-gettext in 2015 without issuing CVE.
Assigned CVE ids: CVE-2015-8980
CWE ids: CWE-661
The following commits have been made on the 4.6 branch to fix this issue:
The following commits have been made on the 4.4 branch to fix this issue:
The following commits have been made on the 4.0 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.