diff --git a/phpMyAdmin-config.patch b/phpMyAdmin-config.patch index 1a7d385..f4225ff 100644 --- a/phpMyAdmin-config.patch +++ b/phpMyAdmin-config.patch @@ -250,7 +250,7 @@ Index: libraries/vendor_config.php =================================================================== --- libraries/vendor_config.php.orig +++ libraries/vendor_config.php -@@ -17,25 +17,25 @@ if (! defined('PHPMYADMIN')) { +@@ -28,25 +28,25 @@ define('TEMP_DIR', './tmp/'); * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */ diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index ac58597..75182e5 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,11 +1,14 @@ +------------------------------------------------------------------- +Sun Jun 30 13:05:23 UTC 2019 - chris@computersalat.de + +- fix changelog + * add missing boo# with relation to CVE and PMASA +- rebase phpMyAdmin-config.patch + ------------------------------------------------------------------- Wed Jun 5 14:43:41 UTC 2019 - ecsos@opensuse.org - phpMyAdmin 4.9.0.1: - * CVE-2019-11768: PMASA-2019-3 is an SQL injection flaw in the - Designer feature - * CVE-2019-12616: PMASA-2019-4 is a CSRF attack that's possible - through the 'cookie' login form * Several issues with SYSTEM VERSIONING tables * Fixed json encode error in export * Fixed JavaScript events not activating on input @@ -24,6 +27,14 @@ Wed Jun 5 14:43:41 UTC 2019 - ecsos@opensuse.org * Fixed can not copy user on Percona Server 5.7 * Updated sql-parser to version 4.3.2, which fixes several parsing and linting problems +- fix for boo#1137497 + * PMASA-2019-4 (CVE-2019-12616, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-4/ + - CSRF vulnerability in login form +- fix for boo#1137496 + * PMASA-2019-3 (CVE-2019-11768, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-3/ + - SQL injection in Designer feature ------------------------------------------------------------------- Fri Feb 1 19:10:59 UTC 2019 - andreas.stieger@gmx.de