Updated phpseclib and phpmyadmin packages fix security vulnerabilityPublication date: 25 Feb 2014
Affected Mageia releases : 3 , 4
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879). This upgrade provides the latest phpmyadmin version (4.1.8) to address this vulnerability. Additionally the phpseclib package has been added in Mageia 3 and updated in Mageia 4, due to new dependencies.