pool/phpMyAdmin
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 245220 from home:computersalat:devel:php

Browse Source 
fix changes file

OBS-URL: https://build.opensuse.org/request/show/245220
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=133
This commit is contained in:
Christian Wittmer 2014-08-19 22:10:05 +00:00 committed by Git OBS Bridge
parent 524f73f770
commit 228ac4ac98
1 changed files with 40 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
phpMyAdmin.changes
View File

@ -1,13 +1,24 @@
-------------------------------------------------------------------
Tue Aug 19 21:46:14 UTC 2014 - chris@computersalat.de
- fix changes file
* add missing PMASA / CVE info
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de
- phpMyAdmin 4.2.7.1: - fix for bnc#892401
- sf#4501 [security] XSS in table browse page * update to 4.2.7.1
- sf#4502 [security] Self-XSS in enum value editor * PMASA-2014-8 ( CVE-2014-5273, CWE-661 CWE-79)
- sf#4503 [security] Self-XSSes in monitor http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
- sf#4504 [security] Self-XSS in query charts - sf#4501 [security] XSS in table browse page
- sf#4505 [security] XSS in view operations page - sf#4502 [security] Self-XSS in enum value editor
- sf#4517 [security] XSS in relation view - sf#4503 [security] Self-XSSes in monitor
- sf#4504 [security] Self-XSS in query charts
- sf#4517 [security] XSS in relation view
* PMASA-2014-9 ( CVE-2014-5274, CWE-661 CWE-79)
http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
- sf#4505 [security] XSS in view operations page
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 31 21:38:39 UTC 2014 - ecsos@schirra.net Thu Jul 31 21:38:39 UTC 2014 - ecsos@schirra.net
@ -40,13 +51,21 @@ Fri Jul 18 17:24:08 UTC 2014 - ecsos@schirra.net
creation creation
- sf#4459 First few characters of database name aren't - sf#4459 First few characters of database name aren't
clickable when expanded clickable when expanded
- sf#4486 [security] XSS injection due to unescaped table - fix for PMASA-2014-4 ( CVE-2014-4954, CWE-661, CWE-79 )
http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
* sf#4486 [security] XSS injection due to unescaped table
comment comment
- sf#4488 [security] XSS injection due to unescaped table name - fix for PMASA-2014-5 ( CVE-2014-4955, CWE-661, CWE-79 )
(triggers) http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
- sf#4492 [security] XSS in AJAX confirmation messages * sf#4488 [security] XSS injection due to unescaped table name
- sf#4491 [security] Missing validation for accessing User (triggers)
groups feature - fix for PMASA-2014-6 ( CVE-2014-4986, CWE-661, CWE-79 )
http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
* sf#4492 [security] XSS in AJAX confirmation messages
- fix for PMASA-2014-7 ( CVE-2014-4987, CWE-661 )
http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
* sf#4491 [security] Missing validation for accessing User
groups feature
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jun 26 19:34:06 UTC 2014 - ecsos@schirra.net Thu Jun 26 19:34:06 UTC 2014 - ecsos@schirra.net
@ -74,10 +93,14 @@ Sat Jun 21 07:20:18 UTC 2014 - ecsos@schirra.net
- bug Missing warning about existing account, on multi-server config - bug Missing warning about existing account, on multi-server config
- sf#4435 WHERE clause can be undefined - sf#4435 WHERE clause can be undefined
- bug SQL export views as tables option getting ignored - bug SQL export views as tables option getting ignored
- sf#4464 [security] XSS injection due to unescaped db/table name * fix for PMASA-2014-3 ( CVE-2014-4349, CWE-661, CWE-79 )
in navigation hiding http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
- sf#4465 [security] XSS injection due to unescaped db/table name - sf#4464 [security] XSS injection due to unescaped db/table name
in recent/favorite tables in navigation hiding
* fix for PMASA-2014-2 ( CVE-2014-4348, CWE-661, CWE-79 )
http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
- sf#4465 [security] XSS injection due to unescaped db/table name
in recent/favorite tables
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 9 19:16:43 UTC 2014 - andreas.stieger@gmx.de Mon Jun 9 19:16:43 UTC 2014 - andreas.stieger@gmx.de