Accepting request 363755 from home:AndreasStieger:branches:server:php:applications

phpMyAdmin 4.5.5.1 OBS-URL: https://build.opensuse.org/request/show/363755 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=252
2016-03-01 18:21:21 +00:00
parent 5ad751ecaf
commit 899e3e888f
6 changed files with 38 additions and 21 deletions
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@@ -1,3 +1,20 @@
+-------------------------------------------------------------------
+Tue Mar  1 18:04:41 UTC 2016 - astieger@suse.com
+
+- phpMyAdmin 4.5.5.1:
+  The following vulnerabilities were fixed:
+  * CVE-2016-2559: XSS vulnerability in SQL parser (PMASA-2016-10 boo#968940)
+  * CVE-2016-2560: Multiple XSS vulnerabilities (PMASA-2016-11 boo#968938)
+  * CVE-2016-2561: Multiple XSS vulnerabilities (PMASA-2016-12 boo#968941)
+  * CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub (PMASA-2016-13 boo#968928)
+  The following upstream bugs were fixed:
+  * CREATE UNIQUE INDEX index type is not recognized by parser.
+  * Row count wrong when grouping joined tables.
+  * Column definition with default value and comment in CREATE TABLE expoerted faulty.
+  * New statement but no delimiter and unexpected token with REPLACE.
+  * Fixed incorrect usage of SQL parser context in SQL export
+  * Fixed inclusion of gettext library from SQL parser
+
 -------------------------------------------------------------------
 Wed Feb 24 20:56:15 UTC 2016 - astieger@suse.com