From 930a63549c835407bca616d71f98f34ae1d51d8f98597f475025b4c2d9b82229 Mon Sep 17 00:00:00 2001 From: Christian Wittmer Date: Wed, 8 Jan 2020 14:52:55 +0000 Subject: [PATCH] Accepting request 761879 from home:computersalat:devel:php fix for boo#1160456 (PMASA-2020-1, CVE-2020-5504) OBS-URL: https://build.opensuse.org/request/show/761879 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=343 --- phpMyAdmin-4.9.3-all-languages.tar.xz | 3 --- phpMyAdmin-4.9.3-all-languages.tar.xz.asc | 16 ---------------- phpMyAdmin-4.9.4-all-languages.tar.xz | 3 +++ phpMyAdmin-4.9.4-all-languages.tar.xz.asc | 16 ++++++++++++++++ phpMyAdmin.changes | 15 +++++++++++++-- phpMyAdmin.spec | 4 ++-- 6 files changed, 34 insertions(+), 23 deletions(-) delete mode 100644 phpMyAdmin-4.9.3-all-languages.tar.xz delete mode 100644 phpMyAdmin-4.9.3-all-languages.tar.xz.asc create mode 100644 phpMyAdmin-4.9.4-all-languages.tar.xz create mode 100644 phpMyAdmin-4.9.4-all-languages.tar.xz.asc diff --git a/phpMyAdmin-4.9.3-all-languages.tar.xz b/phpMyAdmin-4.9.3-all-languages.tar.xz deleted file mode 100644 index 8fd0b2d..0000000 --- a/phpMyAdmin-4.9.3-all-languages.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:b7178fefbbb373af8c9586d0f6f70ee9994301723dd3160204078dcbe4d8fa6b -size 6136280 diff --git a/phpMyAdmin-4.9.3-all-languages.tar.xz.asc b/phpMyAdmin-4.9.3-all-languages.tar.xz.asc deleted file mode 100644 index a8253cf..0000000 --- a/phpMyAdmin-4.9.3-all-languages.tar.xz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4EzUcACgkQznUvF4JZ -vZKK4g/9G1tY68osrSXm4R8Tk4u8AK7egceDAs/FN8AEirnAcpyijmb6Oo+Gs5Po -v8smCpHu/niisnE8sfsA7BghVDJ9tvlXHllXVafrxlO2AeXvzWtCfwYz6lUv8LVF -Wo7vAepbAP4ZDCluphmUaXptr6cBKq7bHIXrTgceqaoib+OiItauI5l7VvVNzfp2 -phnd5IPVS/YfhA65vBHGRlyHQI3jvULFRaeOioEBmWPn8cZ+MVAQJDvGPIORjlvf -J8kePm+V93P0EQ7+XDL2OTGNr8A3zxd+mvgPZ3G7cRh/oREbQhwhrSqXffaHXnsk -X42rtnEuzJcDRjQl/2TemKug8kBLV7lZx755m9BrT3jdWlXLSq3EjkxN5u6LgI8x -rgdITl6nUyovidUJdoEXQjlEHzu8S7lkjmidXElJpdNG3rYj62N3KAzwlWLqANpJ -3AL4/EDeWXFisKCnYbpgoCFyL0cGbnba61VP3bWMiypIpL8AmA1P0y4vJtEbk3qz -+m14gxMHjuD1/jqCRSfpe6RHyX01H1GWQv3HS6sB01VlWYgSUiFDkR9ums8uykRC -eEpTttzWu/5JHeZyQ1IeQI8JE2QT6iDS/schyF3yMr0yCztAu8a219fYa1xlrx26 -yjPG8sj/heTA3KXpsxpqobyXiqtZVVlR63HNBv2pcUV16LAansc= -=RZ7Z ------END PGP SIGNATURE----- diff --git a/phpMyAdmin-4.9.4-all-languages.tar.xz b/phpMyAdmin-4.9.4-all-languages.tar.xz new file mode 100644 index 0000000..f866c7b --- /dev/null +++ b/phpMyAdmin-4.9.4-all-languages.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c3d2eb2a0a06c40f7df9ee3bfe8daaea326bdf2ebc35f83e7dfd05eb0247b6bf +size 6134852 diff --git a/phpMyAdmin-4.9.4-all-languages.tar.xz.asc b/phpMyAdmin-4.9.4-all-languages.tar.xz.asc new file mode 100644 index 0000000..b702bbd --- /dev/null +++ b/phpMyAdmin-4.9.4-all-languages.tar.xz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4VN/QACgkQznUvF4JZ +vZLsihAAhJ65Cbv7d8jaCio2DlvUXBGrm1sEsOOC8utS4Kz4Ui6VWY98/Ra2Lz7n +tY/XOaSSDBzVRvLygwO55zK6nd/LiDn6HOfogiq1yTmqcy4ctTkSqFgGuv3pgx7G +PGadjasiQJgrczxpQHWToYgxbJPaggyhg3WsDoCasAkh06NSZobqKUSu4Gk4wTCO +9UlECby0tBdjgphu7Ot/yD5Ck/YsPCfbM2yzUiRUt2cYqOnqv5HcAyZPzHzpHdik +bhjhYJzH1jqWdsl/0lJJZRMt6yFJIH/KfiN/Zu+eCmNsa3s7wWSqXq8eAvi7ipW6 +/svH+/68Gj26jKdlfzocfoDpUlzdSVpeEEU2INff+7/iU6IUp0uBZXJKX7xOvMa5 +RYXsY3CMDhGqv5FsGhuDLKWQOffkxC9M++bpg8JVvr0vJceQ4caMJ82zftGA/tO0 +pJjBob4zb9QZEqKMAytcLROaCC3KrqsN1kIXEu/koQaETqxbIGxxH9rCFLpNo+yT +rPKp8uZJ6dCoarQ5srFYpkhXCVKgrO2Fuz3lyOuoPK+mAtvDWXJznsPK/41xYDWQ +nMGupQyt1Ytct2nnBZIeQFK4NxM8qVAFpQ7ZPkqtRP//0p0qTiY5OP87YKsC2yTv +EEx4CDB09kV/xMf5wIkaf1xHAPTps7YZrSUyC+HnmayixjwUb3k= +=7XQt +-----END PGP SIGNATURE----- diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 19dbbbb..b02e21b 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Wed Jan 8 14:26:20 UTC 2020 - chris@computersalat.de + +- update to 4.9.4 (2020-01-07) + * https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog +- fix for boo#1160456 + * PMASA-2020-1 (CVE-2020-5504, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2020-1/ + - SQL injection in user accounts page +- fix changes about corresponding PMASA + ------------------------------------------------------------------- Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org @@ -15,7 +26,7 @@ Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger - phpMyAdmin 4.9.2: - * CVE-2019-18622: SQL injection in Designer feature (boo#1157614) + * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614) * Fixes for "Failed to set session cookie" error * Advisor with MySQL 8.0.3 and newer * Fix PHP deprecation errors @@ -32,7 +43,7 @@ Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger - phpMyAdmin 4.9.1: - * CVE-2019-12922: hardening against CSRF (boo#1150914) + * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914) * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 and newer * Compatibility issues with PHP 8 diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index 4eff77d..fbe425b 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -1,7 +1,7 @@ # # spec file for package phpMyAdmin # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.9.3 +Version: 4.9.4 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0-or-later