From e72432a122ca0c1fff79b644fd57da8a3b8056d035e920b4e018e2e8002474d7 Mon Sep 17 00:00:00 2001 From: Christian Wittmer Date: Tue, 6 Aug 2013 11:00:18 +0000 Subject: [PATCH] Accepting request 185995 from home:julianladisch:branches:server:php:applications update to 4.0.5 (2013-08-04) OBS-URL: https://build.opensuse.org/request/show/185995 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=70 --- phpMyAdmin-4.0.4.2-all-languages.tar.bz2 | 3 -- phpMyAdmin-4.0.5-all-languages.tar.bz2 | 3 ++ phpMyAdmin.changes | 43 ++++++++++++++++++++---- phpMyAdmin.spec | 2 +- 4 files changed, 41 insertions(+), 10 deletions(-) delete mode 100644 phpMyAdmin-4.0.4.2-all-languages.tar.bz2 create mode 100644 phpMyAdmin-4.0.5-all-languages.tar.bz2 diff --git a/phpMyAdmin-4.0.4.2-all-languages.tar.bz2 b/phpMyAdmin-4.0.4.2-all-languages.tar.bz2 deleted file mode 100644 index 9ff5654..0000000 --- a/phpMyAdmin-4.0.4.2-all-languages.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:aadbe787db33c6da6abfddfd8b16b4adbb2beb204558db88970347f3b8f699e9 -size 5768927 diff --git a/phpMyAdmin-4.0.5-all-languages.tar.bz2 b/phpMyAdmin-4.0.5-all-languages.tar.bz2 new file mode 100644 index 0000000..a760e0e --- /dev/null +++ b/phpMyAdmin-4.0.5-all-languages.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:09597049327057a67027f4101ec976eae57a1e20115dbf37ba3caf4348981128 +size 6083117 diff --git a/phpMyAdmin.changes b/phpMyAdmin.changes index a0806e9..d836aa2 100644 --- a/phpMyAdmin.changes +++ b/phpMyAdmin.changes @@ -1,15 +1,46 @@ +------------------------------------------------------------------- +Mon Aug 5 21:51:23 UTC 2013 - obs@ladisch.de + +- update to 4.0.5 (2013-08-04) + + sf#3977 Not detected configuration storage + + sf#3970 Pressing enter in the filter field reloads page + + sf#3984 Cannot insert in this table (PHP < 5.4) + + sf#3989 Reloading privileges does not update the interface + + sf#3960 NavigationBarIconic config not honored + + sf#3985 Call to undefined function mb_detect_encoding + + sf#4007 Analyze option not shown for InnoDB tables + + sf#4015 Forcing a storage engine for configuration storage + + bug Incorrect Drizzle 7 detection + + sf#4019 Create database if not exists (export): add an option to the + interface to enable generating CREATE DATABASE and USE (false by default) + + sf#4012 Crash on CSV file import + + sf#4009 Statistic Monitor shows only last 3 digits in graph + + sf#3998 Non-permanent SQL history not working + + sf#3578 Transformations for text/plain on a BLOB column + + [security] Improved protection against cross framing, see PMASA-2013-10 + (CVE-2013-5029 CWE-661 CWE-693) + + Reinstated configuration directive: AllowThirdPartyFraming + +------------------------------------------------------------------- +Mon Aug 5 21:32:45 UTC 2013 - obs@ladisch.de + +- fix for bug sf#4038: PMASA-2013-8 not mentioned in 4.0.4.2 changes +- add CVEs to 4.0.4.2 changes + ------------------------------------------------------------------- Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de - fix for bnc#831896 * multiple XSS issues (+ a SQL injection and full path disclosure flaw) - * fix for PMASA-2013-9 (CWE-661 CWE-79 CWE-80) - * fix for PMASA-2013-11 (CWE-300 CWE-79) - * fix for PMASA-2013-12 (CWE-661 CWE-200) - * fix for PMASA-2013-13 (CWE-661 CWE-79 CWE-80) - * fix for PMASA-2013-14 (CWE-661 CWE-79) - * fix for PMASA-2013-15 (CWE-661 CWE-89 CWE-269) + * fix for PMASA-2013-8 (CVE-2013-4995 CWE-661 CWE-79) + * fix for PMASA-2013-9 (CVE-2013-4996 CVE-2013-4997 CWE-661 CWE-79 CWE-80) + * fix for PMASA-2013-11 (CVE-2013-4996 CWE-300 CWE-79) + * fix for PMASA-2013-12 (CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 CWE-661 CWE-200) + * fix for PMASA-2013-13 (CVE-2013-5001 CWE-661 CWE-79 CWE-80) + * fix for PMASA-2013-14 (CVE-2013-5002 CWE-661 CWE-79) + * fix for PMASA-2013-15 (CVE-2013-5003 CWE-661 CWE-89 CWE-269) - update to 4.0.4.2 (2013-07-28) + * [security] fix unescaped parameter, see PMASA-2013-8 * [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 * [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 * [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 diff --git a/phpMyAdmin.spec b/phpMyAdmin.spec index 04d9028..c9fe04f 100644 --- a/phpMyAdmin.spec +++ b/phpMyAdmin.spec @@ -34,7 +34,7 @@ Name: phpMyAdmin Summary: Administration of MySQL over the web License: GPL-2.0+ Group: Productivity/Networking/Web/Frontends -Version: 4.0.4.2 +Version: 4.0.5 Release: 0 Url: http://www.phpMyAdmin.net Source0: %{name}-%{version}-all-languages.tar.bz2