Accepting request 761881 from server:php:applications

fix for boo#1160456 (PMASA-2020-1, CVE-2020-5504) (forwarded request 761879 from computersalat)

OBS-URL: https://build.opensuse.org/request/show/761881
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=162
This commit is contained in:
Dominique Leuenberger 2020-01-08 16:57:29 +00:00 committed by Git OBS Bridge
commit 44c9416583
6 changed files with 34 additions and 23 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:b7178fefbbb373af8c9586d0f6f70ee9994301723dd3160204078dcbe4d8fa6b
size 6136280

View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4EzUcACgkQznUvF4JZ
vZKK4g/9G1tY68osrSXm4R8Tk4u8AK7egceDAs/FN8AEirnAcpyijmb6Oo+Gs5Po
v8smCpHu/niisnE8sfsA7BghVDJ9tvlXHllXVafrxlO2AeXvzWtCfwYz6lUv8LVF
Wo7vAepbAP4ZDCluphmUaXptr6cBKq7bHIXrTgceqaoib+OiItauI5l7VvVNzfp2
phnd5IPVS/YfhA65vBHGRlyHQI3jvULFRaeOioEBmWPn8cZ+MVAQJDvGPIORjlvf
J8kePm+V93P0EQ7+XDL2OTGNr8A3zxd+mvgPZ3G7cRh/oREbQhwhrSqXffaHXnsk
X42rtnEuzJcDRjQl/2TemKug8kBLV7lZx755m9BrT3jdWlXLSq3EjkxN5u6LgI8x
rgdITl6nUyovidUJdoEXQjlEHzu8S7lkjmidXElJpdNG3rYj62N3KAzwlWLqANpJ
3AL4/EDeWXFisKCnYbpgoCFyL0cGbnba61VP3bWMiypIpL8AmA1P0y4vJtEbk3qz
+m14gxMHjuD1/jqCRSfpe6RHyX01H1GWQv3HS6sB01VlWYgSUiFDkR9ums8uykRC
eEpTttzWu/5JHeZyQ1IeQI8JE2QT6iDS/schyF3yMr0yCztAu8a219fYa1xlrx26
yjPG8sj/heTA3KXpsxpqobyXiqtZVVlR63HNBv2pcUV16LAansc=
=RZ7Z
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c3d2eb2a0a06c40f7df9ee3bfe8daaea326bdf2ebc35f83e7dfd05eb0247b6bf
size 6134852

View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAl4VN/QACgkQznUvF4JZ
vZLsihAAhJ65Cbv7d8jaCio2DlvUXBGrm1sEsOOC8utS4Kz4Ui6VWY98/Ra2Lz7n
tY/XOaSSDBzVRvLygwO55zK6nd/LiDn6HOfogiq1yTmqcy4ctTkSqFgGuv3pgx7G
PGadjasiQJgrczxpQHWToYgxbJPaggyhg3WsDoCasAkh06NSZobqKUSu4Gk4wTCO
9UlECby0tBdjgphu7Ot/yD5Ck/YsPCfbM2yzUiRUt2cYqOnqv5HcAyZPzHzpHdik
bhjhYJzH1jqWdsl/0lJJZRMt6yFJIH/KfiN/Zu+eCmNsa3s7wWSqXq8eAvi7ipW6
/svH+/68Gj26jKdlfzocfoDpUlzdSVpeEEU2INff+7/iU6IUp0uBZXJKX7xOvMa5
RYXsY3CMDhGqv5FsGhuDLKWQOffkxC9M++bpg8JVvr0vJceQ4caMJ82zftGA/tO0
pJjBob4zb9QZEqKMAytcLROaCC3KrqsN1kIXEu/koQaETqxbIGxxH9rCFLpNo+yT
rPKp8uZJ6dCoarQ5srFYpkhXCVKgrO2Fuz3lyOuoPK+mAtvDWXJznsPK/41xYDWQ
nMGupQyt1Ytct2nnBZIeQFK4NxM8qVAFpQ7ZPkqtRP//0p0qTiY5OP87YKsC2yTv
EEx4CDB09kV/xMf5wIkaf1xHAPTps7YZrSUyC+HnmayixjwUb3k=
=7XQt
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,14 @@
-------------------------------------------------------------------
Wed Jan 8 14:26:20 UTC 2020 - chris@computersalat.de
- update to 4.9.4 (2020-01-07)
* https://github.com/phpmyadmin/phpmyadmin/blob/RELEASE_4_9_4/ChangeLog
- fix for boo#1160456
* PMASA-2020-1 (CVE-2020-5504, CWE-661)
https://www.phpmyadmin.net/security/PMASA-2020-1/
- SQL injection in user accounts page
- fix changes about corresponding PMASA
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org
@ -15,7 +26,7 @@ Mon Dec 30 15:41:02 UTC 2019 - ecsos@opensuse.org
Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
- phpMyAdmin 4.9.2: - phpMyAdmin 4.9.2:
* CVE-2019-18622: SQL injection in Designer feature (boo#1157614) * CVE-2019-18622: SQL injection in Designer feature (PMASA-2019-5, boo#1157614)
* Fixes for "Failed to set session cookie" error * Fixes for "Failed to set session cookie" error
* Advisor with MySQL 8.0.3 and newer * Advisor with MySQL 8.0.3 and newer
* Fix PHP deprecation errors * Fix PHP deprecation errors
@ -32,7 +43,7 @@ Sat Nov 23 09:42:06 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de> Sat Sep 21 19:16:35 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
- phpMyAdmin 4.9.1: - phpMyAdmin 4.9.1:
* CVE-2019-12922: hardening against CSRF (boo#1150914) * CVE-2019-12922: hardening against CSRF (no PMASA, boo#1150914)
* Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13 * Editing columns with CURRENT_TIMESTAMP for MySQL versions 8.0.13
and newer and newer
* Compatibility issues with PHP 8 * Compatibility issues with PHP 8

View File

@ -1,7 +1,7 @@
# #
# spec file for package phpMyAdmin # spec file for package phpMyAdmin
# #
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2020 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -29,7 +29,7 @@
%define ap_grp nogroup %define ap_grp nogroup
%endif %endif
Name: phpMyAdmin Name: phpMyAdmin
Version: 4.9.3 Version: 4.9.4
Release: 0 Release: 0
Summary: Administration of MySQL over the web Summary: Administration of MySQL over the web
License: GPL-2.0-or-later License: GPL-2.0-or-later