-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

--------------------------------------------------------------------------
Turbolinux Security Advisory TLSA-2008-39
http://www.turbolinux.co.jp/security/
security-team@turbolinux.co.jp
--------------------------------------------------------------------------

Original released date: 10 Nov 2008
Last revised: 10 Nov 2008

Package: phpmyadmin

Summary: Cross-site scripting (XSS) vulnerabilities

More information:
  phpMyAdmin is a tool written in PHP intended to handle the
  administration of MySQL over the Web.

  We received an advisory from Masako Oono of NetAgent Co., Ltd. via
  JPCERT/CC Vulnerability Handling Team and we wish to thank them for
  their work.

  A logged-in user (when using Microsoft Internet Explorer) can be
  subject to a cross-site scripting attack using several variables.
  This issue does not affect other browsers (tested with Mozilla
  Firefox, Google Chrome, Konqueror and Apple Safari). (PMASA-2008-8)

  A logged-in user can be subject to a cross-site scripting attack via
  the pmd_pdf.php script. (PMASA-2008-9)

Affected Products:
  - Turbolinux Appliance Server 3.0 x64 Edition
  - Turbolinux Appliance Server 3.0

  Source Packages
  Size: MD5

    phpmyadmin-2.11.9.3-1.src.rpm
      3118881 67427a8901ce4ad25ffef838bb687e96

  Binary Packages
  Size: MD5

    phpmyadmin-2.11.9.3-1.noarch.rpm
      4442270 807b4bf5139bc318d830c06a3e338da7

  Source Packages
  Size: MD5

    phpmyadmin-2.11.9.3-1.src.rpm
      3118881 67427a8901ce4ad25ffef838bb687e96

  Binary Packages
  Size: MD5

    phpmyadmin-2.11.9.3-1.noarch.rpm
      4442815 ee334d19cf85d816d6ffc2a7daa56887

References:
  phpMyAdmin security announcement
  [PMASA-2008-8]
  http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
  [PMASA-2008-9]
  http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9

--------------------------------------------------------------------------
Revision History
  10 Nov 2008 Initial release
--------------------------------------------------------------------------

Copyright(C) 2008 Turbolinux, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkkX9N4ACgkQK0LzjOqIJMz7uwCgpAkGx51rD/PeIDVFmkHzMlO7
mQgAoKs+S/UYsk1yrkP0j9dGMpMz0O5T
=ZYeE
-----END PGP SIGNATURE-----