From 524f73f7705383f8b6d8559d054f6e48c1ce82350f89856c83a1ac4ee426066e Mon Sep 17 00:00:00 2001
From: Christian Wittmer
Date: Tue, 19 Aug 2014 10:14:47 +0000
Subject: [PATCH 1/2] Accepting request 245122 from home:AndreasStieger:branches:server:php:applications phpMyAdmin 4.2.7.1
OBS-URL: https://build.opensuse.org/request/show/245122
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=132
---
 phpMyAdmin-4.2.7-all-languages.tar.bz2 | 3 ---
 phpMyAdmin-4.2.7.1-all-languages.tar.bz2 | 3 +++
 phpMyAdmin.changes | 11 +++++++++++
 phpMyAdmin.spec | 2 +-
 4 files changed, 15 insertions(+), 4 deletions(-)
 delete mode 100644 phpMyAdmin-4.2.7-all-languages.tar.bz2
 create mode 100644 phpMyAdmin-4.2.7.1-all-languages.tar.bz2
diff --git a/phpMyAdmin-4.2.7-all-languages.tar.bz2 b/phpMyAdmin-4.2.7-all-languages.tar.bz2
deleted file mode 100644
index 98a4305..0000000
--- a/phpMyAdmin-4.2.7-all-languages.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a7c4978cc28e15ce0da4a90b0464f77d52e948a95ec29a9dc57573dce1f292d
-size 6700473
diff --git a/phpMyAdmin-4.2.7.1-all-languages.tar.bz2 b/phpMyAdmin-4.2.7.1-all-languages.tar.bz2
new file mode 100644
index 0000000..4925382
--- /dev/null
+++ b/phpMyAdmin-4.2.7.1-all-languages.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4079ac9e5e51153682bba24a89d615043ae10d4d527d4dce73f18d5721d38c51
+size 6707181
diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index bfab834..1203edc 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de
+
+- phpMyAdmin 4.2.7.1:
+ - sf#4501 [security] XSS in table browse page
+ - sf#4502 [security] Self-XSS in enum value editor
+ - sf#4503 [security] Self-XSSes in monitor
+ - sf#4504 [security] Self-XSS in query charts
+ - sf#4505 [security] XSS in view operations page
+ - sf#4517 [security] XSS in relation view
+
 -------------------------------------------------------------------
 Thu Jul 31 21:38:39 UTC 2014 - ecsos@schirra.net
 
diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec
index 4d7769c..dfc5499 100644
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@@ -34,7 +34,7 @@ Name: phpMyAdmin
 Summary: Administration of MySQL over the web
 License: GPL-2.0+
 Group: Productivity/Networking/Web/Frontends
-Version: 4.2.7
+Version: 4.2.7.1
 Release: 0
 Url: http://www.phpMyAdmin.net
 Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2
From 228ac4ac98bbb8f15e2f325546dcf419e66b88918a03b901da0d9c5d5cec3bad Mon Sep 17 00:00:00 2001
From: Christian Wittmer
Date: Tue, 19 Aug 2014 22:10:05 +0000
Subject: [PATCH 2/2] Accepting request 245220 from home:computersalat:devel:php fix changes file
OBS-URL: https://build.opensuse.org/request/show/245220
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=133
---
 phpMyAdmin.changes | 57 ++++++++++++++++++++++++++++++++--------------
 1 file changed, 40 insertions(+), 17 deletions(-)
diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes
index 1203edc..ca76c40 100644
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,13 +1,24 @@
+-------------------------------------------------------------------
+Tue Aug 19 21:46:14 UTC 2014 - chris@computersalat.de
+
+- fix changes file
+ * add missing PMASA / CVE info
+
 -------------------------------------------------------------------
 Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de
 
-- phpMyAdmin 4.2.7.1:
- - sf#4501 [security] XSS in table browse page
- - sf#4502 [security] Self-XSS in enum value editor
- - sf#4503 [security] Self-XSSes in monitor
- - sf#4504 [security] Self-XSS in query charts
- - sf#4505 [security] XSS in view operations page
- - sf#4517 [security] XSS in relation view
+- fix for bnc#892401
+ * update to 4.2.7.1
+ * PMASA-2014-8 ( CVE-2014-5273, CWE-661 CWE-79)
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
+ - sf#4501 [security] XSS in table browse page
+ - sf#4502 [security] Self-XSS in enum value editor
+ - sf#4503 [security] Self-XSSes in monitor
+ - sf#4504 [security] Self-XSS in query charts
+ - sf#4517 [security] XSS in relation view
+ * PMASA-2014-9 ( CVE-2014-5274, CWE-661 CWE-79)
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
+ - sf#4505 [security] XSS in view operations page
 
 -------------------------------------------------------------------
 Thu Jul 31 21:38:39 UTC 2014 - ecsos@schirra.net
@@ -40,13 +51,21 @@ Fri Jul 18 17:24:08 UTC 2014 - ecsos@schirra.net creation - sf#4459 First few characters of database name aren't clickable when expanded - - sf#4486 [security] XSS injection due to unescaped table + - fix for PMASA-2014-4 ( CVE-2014-4954, CWE-661, CWE-79 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php + * sf#4486 [security] XSS injection due to unescaped table comment - - sf#4488 [security] XSS injection due to unescaped table name - (triggers) - - sf#4492 [security] XSS in AJAX confirmation messages - - sf#4491 [security] Missing validation for accessing User - groups feature + - fix for PMASA-2014-5 ( CVE-2014-4955, CWE-661, CWE-79 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php + * sf#4488 [security] XSS injection due to unescaped table name + (triggers) + - fix for PMASA-2014-6 ( CVE-2014-4986, CWE-661, CWE-79 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php + * sf#4492 [security] XSS in AJAX confirmation messages + - fix for PMASA-2014-7 ( CVE-2014-4987, CWE-661 ) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php + * sf#4491 [security] Missing validation for accessing User + groups feature ------------------------------------------------------------------- Thu Jun 26 19:34:06 UTC 2014 - ecsos@schirra.net 
@@ -74,10 +93,14 @@ Sat Jun 21 07:20:18 UTC 2014 - ecsos@schirra.net
 - bug Missing warning about existing account, on multi-server config
 - sf#4435 WHERE clause can be undefined
 - bug SQL export views as tables option getting ignored
- - sf#4464 [security] XSS injection due to unescaped db/table name
- in navigation hiding
- - sf#4465 [security] XSS injection due to unescaped db/table name
- in recent/favorite tables
+ * fix for PMASA-2014-3 ( CVE-2014-4349, CWE-661, CWE-79 )
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
+ - sf#4464 [security] XSS injection due to unescaped db/table name
+ in navigation hiding
+ * fix for PMASA-2014-2 ( CVE-2014-4348, CWE-661, CWE-79 )
+ http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
+ - sf#4465 [security] XSS injection due to unescaped db/table name
+ in recent/favorite tables
 
 -------------------------------------------------------------------
 Mon Jun 9 19:16:43 UTC 2014 - andreas.stieger@gmx.de