Accepting request 262544 from server:php:applications

phpMyAdmin 4.2.12 CVE-2014-8961 [boo#906488] CVE-2014-8960 [boo#906487] CVE-2014-8959 [boo#906486] CVE-2014-8958 [boo#906485] OBS-URL: https://build.opensuse.org/request/show/262544 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/phpMyAdmin?expand=0&rev=80
2014-11-24 10:08:56 +00:00 · 2014-11-24 10:08:56 +00:00 · 99a68a0da0
commit 99a68a0da0
parent c79ee6bd6e 0860118e56
4 changed files with 44 additions and 4 deletions
--- a/phpMyAdmin-4.2.11-all-languages.tar.bz2
+++ b/phpMyAdmin-4.2.11-all-languages.tar.bz2
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:14467411a19dd30ab96174cef0ea39aecf7bed3cdb5e4d36087d9aab0aaddc2e
-size 6991486
--- a/phpMyAdmin-4.2.12-all-languages.tar.bz2
+++ b/phpMyAdmin-4.2.12-all-languages.tar.bz2
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:60c05e2668bc07044817fe26b4cb5a4bc92afb3fb8c4c0dad42cd2fcc5febc29
+size 6988195
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org
+
+- update to 4.2.12 (2014-11-20)
+  This update fixes several vulnerabilities, as well as a number of
+  other bug fixes.
+- Security fixes:
+  * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488]
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
+    - sf#4595 [security] Path traversal can lead to leakage of 
+      line count
+  * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487]
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
+    - sf#4596 [security] XSS through exception stack
+  * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486]
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
+    - sf#4594 [security] Path traversal in file inclusion of 
+      GIS factory
+  * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485]
+    http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
+    - sf#4578 [security] XSS vulnerability in table print view
+    - sf#4579 [security] XSS vulnerability in zoom search page
+    - sf#4598 [security] XSS in multi submit
+    - sf#4597 [security] XSS through pma_fontsize cookie  
+- Other bug fixes:
+  - sf#4574 Blank/white page when JavaScript disabled
+  - sf#4577 Multi row actions cause full page reloads
+  - fix ReferenceError: targeturl is not defined
+  - fix Incorrect text/icon display in Tracking report
+  - sf#4404 Recordset return from procedure display nothing
+  - sf#4584 Edit dialog for routines is too long for 
+    smaller displays
+  - sf#4586 Javascript error after moving a column
+  - sf#4576 Issue with long comments on table columns
+  - sf#4599 Input field unnecessarily selected on focus
+  - sf#4602 Exporting selected rows exports all rows of the query
+  - sf#4444 No insert statement produced in SQL export for 
+    queries with alias
+  - sf#4603 Field disabled when internal relations used
+
 -------------------------------------------------------------------
 Fri Oct 31 17:44:05 UTC 2014 - ecsos@opensuse.org

--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -34,7 +34,7 @@ Name:           phpMyAdmin
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0+
 Group:          Productivity/Networking/Web/Frontends
-Version:        4.2.11
+Version:        4.2.12
 Release:        0
 Url:            http://www.phpMyAdmin.net
 Source0:        http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2