Re: CVE Request - phpMyAdmin: PMASA-2012-5 incident

[Marcus Meissner <meissner () suse de>]

On Tue, Sep 25, 2012 at 10:52:20AM -0400, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   based on:
>   [1] http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
>   [2] http://secunia.com/advisories/50703/
>
> looks (more from [1]): "One server from the SourceForge.net mirror
> system was distributing a phpMyAdmin kit containing a backdoor,
> allowing remotely to execute arbitrary PHP code."
>
> Could you allocate a CVE id for this? (I think it's appropriate)

FWIW, it is possible that this mirror has distributed more backdoored
software and not just phpMyAdmin.

Ciao, Marcus