There is a PHPMyAdmin update today for Debian. It fixes XSS bug in the table tracking feature and an XML import plugin vulnerability. The stable version of Debian (squeeze) and testing (wheezy) are affected.
Package : phpmyadmin
Vulnerability : several
Problem type : remote
Debian-specific: no
CVE ID : CVE-2011-1940 CVE-2011-3181 CVE-2011-4107
Debian Bug : 656247
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2011-4107
The XML import plugin allowed a remote attacker to read arbitrary
files via XML data containing external entity references.
CVE-2011-1940, CVE-2011-3181
Cross site scripting was possible in the table tracking feature,
allowing a remote attacker to inject arbitrary web script or HTML
