Accepting request 245221 from server:php:applications

1

OBS-URL: https://build.opensuse.org/request/show/245221
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=70

phpMyAdmin-4.2.7-all-languages.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:0a7c4978cc28e15ce0da4a90b0464f77d52e948a95ec29a9dc57573dce1f292d
-size 6700473

phpMyAdmin-4.2.7.1-all-languages.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4079ac9e5e51153682bba24a89d615043ae10d4d527d4dce73f18d5721d38c51
+size 6707181

phpMyAdmin.changes

@@ -1,3 +1,25 @@
+-------------------------------------------------------------------
+Tue Aug 19 21:46:14 UTC 2014 - chris@computersalat.de
+
+- fix changes file
+  * add missing PMASA / CVE info
+
+-------------------------------------------------------------------
+Mon Aug 18 18:13:29 UTC 2014 - andreas.stieger@gmx.de
+
+- fix for bnc#892401
+  * update to 4.2.7.1
+  * PMASA-2014-8 ( CVE-2014-5273, CWE-661 CWE-79)
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
+    - sf#4501 [security] XSS in table browse page
+    - sf#4502 [security] Self-XSS in enum value editor
+    - sf#4503 [security] Self-XSSes in monitor
+    - sf#4504 [security] Self-XSS in query charts
+    - sf#4517 [security] XSS in relation view
+  * PMASA-2014-9 ( CVE-2014-5274, CWE-661 CWE-79)
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
+    - sf#4505 [security] XSS in view operations page
+
 -------------------------------------------------------------------
 Thu Jul 31 21:38:39 UTC 2014 - ecsos@schirra.net
 
@@ -29,12 +51,20 @@ Fri Jul 18 17:24:08 UTC 2014 - ecsos@schirra.net
     creation
   - sf#4459 First few characters of database name aren't 
     clickable when expanded
-  - sf#4486 [security] XSS injection due to unescaped table 
+  - fix for PMASA-2014-4 ( CVE-2014-4954, CWE-661, CWE-79 )
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
+    * sf#4486 [security] XSS injection due to unescaped table 
     comment
-  - sf#4488 [security] XSS injection due to unescaped table name 
+  - fix for PMASA-2014-5 ( CVE-2014-4955, CWE-661, CWE-79 )
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
+    * sf#4488 [security] XSS injection due to unescaped table name 
      (triggers)
-  - sf#4492 [security] XSS in AJAX confirmation messages
+  - fix for PMASA-2014-6 ( CVE-2014-4986, CWE-661, CWE-79 )
-  - sf#4491 [security] Missing validation for accessing User 
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
+    * sf#4492 [security] XSS in AJAX confirmation messages
+  - fix for PMASA-2014-7 ( CVE-2014-4987, CWE-661 )
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
+    * sf#4491 [security] Missing validation for accessing User 
       groups feature
 
 -------------------------------------------------------------------
@@ -63,8 +93,12 @@ Sat Jun 21 07:20:18 UTC 2014 - ecsos@schirra.net
   - bug Missing warning about existing account, on multi-server config
   - sf#4435 WHERE clause can be undefined
   - bug SQL export views as tables option getting ignored
+  * fix for PMASA-2014-3 ( CVE-2014-4349, CWE-661, CWE-79 )
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-3.php
     - sf#4464 [security] XSS injection due to unescaped db/table name 
       in navigation hiding
+  * fix for PMASA-2014-2 ( CVE-2014-4348, CWE-661, CWE-79 )
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-2.php
     - sf#4465 [security] XSS injection due to unescaped db/table name 
       in recent/favorite tables
 

phpMyAdmin.spec

@@ -34,7 +34,7 @@ Name:           phpMyAdmin
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Frontends
-Version:        4.2.7
+Version:        4.2.7.1
 Release:        0
 Url:            http://www.phpMyAdmin.net
 Source0:        http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2