From bb5a9191ee4d8e985582cb3d6bb9f09619bb2197f9d03bc278bb049951852876 Mon Sep 17 00:00:00 2001 From: Eric Schirra Date: Sat, 22 Jan 2022 10:32:31 +0000 Subject: [PATCH] Accepting request 948083 from home:ecsos:server - Update to 5.1.2 This is a security and bufix release. * Security - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor authentication bypass - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS and HTML injection attacks in setup script * Bugfixes - Revert a changed to $cfg['CharTextareaRows'] allow values less than 7 - Fix encoding of enum and set values on edit value - Fixed possible "Undefined index: clause_is_unique" error - Fixed some situations where a user is logged out when working with more than one server - Fixed a problem with assigning privileges to a user using the multiselect list when the database name has an underscore - Enable cookie parameter "SameSite" when the PHP version is 7.3 or newer - Correctly handle the removal of "innodb_file_format" in MariaDB and MySQL OBS-URL: https://build.opensuse.org/request/show/948083 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=371 --- phpMyAdmin.changes | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index de09704..f341bcb 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -4,9 +4,9 @@ Sat Jan 22 09:39:12 UTC 2022 - ecsos - Update to 5.1.2 This is a security and bufix release. * Security - - Fix (CVE-2022-23807, PMASA-2022-1, CWE-661) + - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) Two factor authentication bypass - - Fix (CVE-2022-23808, PMASA-2022-2, CWE-661) + - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661) Multiple XSS and HTML injection attacks in setup script * Bugfixes - Revert a changed to $cfg['CharTextareaRows'] allow values