From 25bbb7b4dac7a7346a9a23b49c2e635d59f802a17cbe37ad2b46d68843ea8885 Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 20 Nov 2014 21:25:44 +0000 Subject: [PATCH 1/3] Accepting request 262486 from home:ecsos update to 4.2.12 bug and security fixes have send email to security@suse.de too OBS-URL: https://build.opensuse.org/request/show/262486 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=153 --- phpMyAdmin-4.2.11-all-languages.tar.bz2 | 3 --- phpMyAdmin-4.2.12-all-languages.tar.bz2 | 3 +++ phpMyAdmin.changes | 36 +++++++++++++++++++++++++ phpMyAdmin.spec | 2 +- 4 files changed, 40 insertions(+), 4 deletions(-) delete mode 100644 phpMyAdmin-4.2.11-all-languages.tar.bz2 create mode 100644 phpMyAdmin-4.2.12-all-languages.tar.bz2 diff --git a/phpMyAdmin-4.2.11-all-languages.tar.bz2 b/phpMyAdmin-4.2.11-all-languages.tar.bz2 deleted file mode 100644 index 0acfcf7..0000000 --- a/phpMyAdmin-4.2.11-all-languages.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:14467411a19dd30ab96174cef0ea39aecf7bed3cdb5e4d36087d9aab0aaddc2e -size 6991486 diff --git a/phpMyAdmin-4.2.12-all-languages.tar.bz2 b/phpMyAdmin-4.2.12-all-languages.tar.bz2 new file mode 100644 index 0000000..784d2e8 --- /dev/null +++ b/phpMyAdmin-4.2.12-all-languages.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:60c05e2668bc07044817fe26b4cb5a4bc92afb3fb8c4c0dad42cd2fcc5febc29 +size 6988195 diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index f29e069..287f7a9 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes 
@@ -1,3 +1,39 @@ +------------------------------------------------------------------- +Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org + +- update to 4.2.12 (2014-11-20) + - sf#4574 Blank/white page when JavaScript disabled + - sf#4577 Multi row actions cause full page reloads + - fix ReferenceError: targeturl is not defined + - fix Incorrect text/icon display in Tracking report + - sf#4404 Recordset return from procedure display nothing + - sf#4584 Edit dialog for routines is too long for + smaller displays + - sf#4586 Javascript error after moving a column + - sf#4576 Issue with long comments on table columns + - sf#4599 Input field unnecessarily selected on focus + - sf#4602 Exporting selected rows exports all rows of the query + - sf#4444 No insert statement produced in SQL export for + queries with alias + - sf#4603 Field disabled when internal relations used + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie + ------------------------------------------------------------------- Fri Oct 31 17:44:05 UTC 2014 - ecsos@opensuse.org diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index a312908..bd5c19e 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec 
@@ -34,7 +34,7 @@ Name: phpMyAdmin Summary: Administration of MySQL over the web License: GPL-2.0+ Group: Productivity/Networking/Web/Frontends -Version: 4.2.11 +Version: 4.2.12 Release: 0 Url: http://www.phpMyAdmin.net Source0: http://sourceforge.net/projects/phpmyadmin/files/%{name}-%{version}-all-languages.tar.bz2 From 6445f51d7367ef750220991765198f64191fdfaa319861dd51a7acb119a55bdf Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 20 Nov 2014 21:29:43 +0000 Subject: [PATCH 2/3] add bug numbers OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=154 --- phpMyAdmin.changes | 38 +++++++++++++++++++++----------------- 1 file changed, 21 insertions(+), 17 deletions(-) diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index 287f7a9..ea001b8 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes 
@@ -2,6 +2,27 @@ Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org - update to 4.2.12 (2014-11-20) + This update fixes several vulnerabilities, as well as a number of + other bug fixes. +- Security fixes: + * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) [boo#906488] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4595 [security] Path traversal can lead to leakage of + line count + * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) [boo#906487] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php + - sf#4596 [security] XSS through exception stack + * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4594 [security] Path traversal in file inclusion of + GIS factory + * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] + http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + - sf#4578 [security] XSS vulnerability in table print view + - sf#4579 [security] XSS vulnerability in zoom search page + - sf#4598 [security] XSS in multi submit + - sf#4597 [security] XSS through pma_fontsize cookie +- Other bug fixes: - sf#4574 Blank/white page when JavaScript disabled - sf#4577 Multi row actions cause full page reloads - fix ReferenceError: targeturl is not defined 
@@ -16,23 +37,6 @@ Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org - sf#4444 No insert statement produced in SQL export for queries with alias - sf#4603 Field disabled when internal relations used - * PMASA-2014-16 (CVE-2014-8961, CWE-661 CWE-23) - http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php - - sf#4595 [security] Path traversal can lead to leakage of - line count - * PMASA-2014-15 (CVE-2014-8960, CWE-661 CWE-79) - http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php - - sf#4596 [security] XSS through exception stack - * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) - http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php - - sf#4594 [security] Path traversal in file inclusion of - GIS factory - * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) - http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php - - sf#4578 [security] XSS vulnerability in table print view - - sf#4579 [security] XSS vulnerability in zoom search page - - sf#4598 [security] XSS in multi submit - - sf#4597 [security] XSS through pma_fontsize cookie ------------------------------------------------------------------- Fri Oct 31 17:44:05 UTC 2014 - ecsos@opensuse.org From 0860118e5652dc79973702dec199253135c0e5fec06eb80cbd768396a9a581ae Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Thu, 20 Nov 2014 22:24:41 +0000 Subject: [PATCH 3/3] OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=155 --- phpMyAdmin.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index ea001b8..dc49d92 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes 
@@ -13,11 +13,11 @@ Thu Nov 20 16:18:55 UTC 2014 - ecsos@opensuse.org http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php - sf#4596 [security] XSS through exception stack * PMASA-2014-14 (CVE-2014-8959, CWE-661 CWE-98) [boo#906486] - http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php - sf#4594 [security] Path traversal in file inclusion of GIS factory * PMASA-2014-13 (CVE-2014-8958, CWE-661 CWE-79) [boo#906485] - http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php + http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php - sf#4578 [security] XSS vulnerability in table print view - sf#4579 [security] XSS vulnerability in zoom search page - sf#4598 [security] XSS in multi submit
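Review bot: In the phpMyAdmin.changes hunk of [PATCH 1/3], the advisory links under PMASA-2014-14 (CVE-2014-8959) and PMASA-2014-13 (CVE-2014-8958) both read http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php, so three of the four security entries point at the same advisory. Each link should match its own PMASA id (PMASA-2014-14.php and PMASA-2014-13.php); as written, anyone triaging CVE-2014-8959 or CVE-2014-8958 from the changelog lands on the advisory for CVE-2014-8961. The security entries are also appended after the ordinary bug fixes with no heading of their own; listing them first under a separate heading would make them easier to find when auditing the package.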
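Review bot: In the phpMyAdmin.spec hunk of [PATCH 1/3], the Source0 context line still fetches the tarball over plain http:// from sourceforge.net, and the only integrity record visible in this patch is the sha256 oid in the git-lfs pointer, which is computed from whatever was downloaded. For an update whose purpose is to ship security fixes, the request should state how the 4.2.12 tarball was verified against upstream, and if upstream publishes a detached signature for the release, it should be added as an additional Source alongside the tarball.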
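Review bot: The PMASA-2014-14 and PMASA-2014-13 entries added in the first hunk of [PATCH 2/3] still link to PMASA-2014-16.php. Since those lines are already being rewritten here to add [boo#906486] and [boo#906485], the two URLs should be corrected in this same commit rather than left for a follow-up, so that no revision of the changelog pairs a bug number with the wrong advisory.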
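Review bot: [PATCH 3/3] has no subject or description beyond the OBS-URL line, so the history does not record that its single hunk corrects the advisory links for PMASA-2014-14 and PMASA-2014-13. Add a one-line message naming the two corrected URLs, so the reason for revision 155 is clear without reading the diff.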