rpm/phpMyAdmin
SHA256
1
0
Fork 0
forked from pool/phpMyAdmin
Code Pull Requests Activity

Accepting request 184887 from home:computersalat:devel:php

Browse Source 
update to 4.0.4.2, fix for bnc#831896

OBS-URL: https://build.opensuse.org/request/show/184887
OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=68
This commit is contained in:
Christian Wittmer
2013-07-29 20:55:25 +00:00
committed by Git OBS Bridge
parent 3a32a5d173
commit 67da26ad23
3 changed files with 53 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
phpMyAdmin.changes
View File

@@ -1,16 +1,24 @@
-------------------------------------------------------------------
Mon Jul 29 20:20:03 UTC 2013 - ecsos@schirra.net
Mon Jul 29 20:07:45 UTC 2013 - chris@computersalat.de
- fix for bnc#831896
* multiple XSS issues (+ a SQL injection and full path disclosure flaw)
* fix for PMASA-2013-9 (CWE-661 CWE-79 CWE-80)
* fix for PMASA-2013-11 (CWE-300 CWE-79)
* fix for PMASA-2013-12 (CWE-661 CWE-200)
* fix for PMASA-2013-13 (CWE-661 CWE-79 CWE-80)
* fix for PMASA-2013-14 (CWE-661 CWE-79)
* fix for PMASA-2013-15 (CWE-661 CWE-89 CWE-269)
- update to 4.0.4.2 (2013-07-28)
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
- [security] Fix full path disclosure, see PMASA-2013-12
- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
* [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
* [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
* [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
* [security] Fix full path disclosure, see PMASA-2013-12
* [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
* [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
* [security] Fix self-XSS in schema export, see PMASA-2013-14
* [security] Fix unencoded json object, see PMASA-2013-11
* [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
-------------------------------------------------------------------
Wed Jul 3 21:40:23 UTC 2013 - obs@ladisch.de