Accepting request 404236 from home:computersalat:devel:php

update to 4.6.3, fix for boo#986154 OBS-URL: https://build.opensuse.org/request/show/404236 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=262
2016-06-23 12:42:47 +00:00
parent 620e24df45
commit 6f9b3f166e
6 changed files with 76 additions and 21 deletions
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,58 @@
+-------------------------------------------------------------------
+Thu Jun 23 12:10:01 UTC 2016 - chris@computersalat.de
+
+- update to 4.6.3 (2016-06-23)
+  * gh#12249 Fixed cookie path on Windows
+  * gh#12279 Fixed error reporting on connect problems
+  * gh#12290 Fixed export of tables without explicitly set engine
+  * gh#12285 Designer JavaScript error: Show/Hide tables list
+  * gh#12293 Fix MySQL SSL connection with some PHP versions
+  * gh#12279 Fix MySQL connection error on version mismatch
+  * gh#12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
+  * gh#12308 Fix division by zero in case of misconfigured MySQL server
+  * gh#12317 Fix editing server variables
+  * gh#12303 Fix table size calculation in some circumstances
+  * gh#12310 Fix listing routines for non privileged user
+  * issue Escape generated query in exporting a database
+  * issue Setup script did not properly use input type password for some input types
+- fix for boo#986154
+  * PMASA-2016-17 (CVE-2016-5701, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-17/
+    - BBCode injection vulnerability
+  * PMASA-2016-18 (CVE-2016-5702, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-18/
+    - Cookie attribute injection attack
+  * PMASA-2016-19 (CVE-2016-5703, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-19/
+    - SQL injection attack
+  * PMASA-2016-20 (CVE-2016-5704, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-20/
+    - XSS on table structure page
+  * PMASA-2016-21 (CVE-2016-5705, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-21/
+    - Multiple XSS vulnerabilities
+  * PMASA-2016-22 (CVE-2016-5706, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-22/
+    - DOS attack
+  * PMASA-2016-23 (CVE-2016-5730, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-23/
+    - Multiple full path disclosure vulnerabilities
+  * PMASA-2016-24 (CVE-2016-5731, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-24/
+    - XSS through FPD
+  * PMASA-2016-25 (CVE-2016-5732, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-25/
+    - XSS in partition range functionality
+  * PMASA-2016-26 (CVE-2016-5733, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-26/
+    - Multiple XSS vulnerabilities
+  * PMASA-2016-27 (CVE-2016-5734, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-27/
+    - Unsafe handling of preg_replace parameters
+  * PMASA-2016-28 (CVE-2016-5739, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2016-28/
+    - Referrer leak in transformations
+
 -------------------------------------------------------------------
 Sun May 29 15:07:43 UTC 2016 - chris@computersalat.de