phpmyadmin脆弱性

phpmyadminの脆弱性は、つぶしてもつぶしても、いくらでも出てくる印象がありますが、今回はDebian -- Security Information -- DSA-2034-1 phpmyadminから:

CVE - CVE-2008-7251 (under review)
phpMyAdmin may create a temporary directory, if the configured directory does not exist yet, with insecure filesystem permissions.

CVE - CVE-2008-7252 (under review)
phpMyAdmin uses predictable filenames for temporary files, which may lead to a local denial of service attack or privilege escalation.

CVE - CVE-2009-4605 (under review)
The setup.php script shipped with phpMyAdmin may unserialize untrusted data, allowing for cross site request forgery.