Accepting request 618497 from home:computersalat:devel:php

update to 4.8.2, fix for boo#1098751, PMASA-2018-3 (CVE-2018-12581), PMASA-2018-4 (CVE-2018-12613) OBS-URL: https://build.opensuse.org/request/show/618497 OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=318
2018-06-22 13:56:00 +00:00 · 2018-06-22 13:56:00 +00:00 · d443b7b40d
commit d443b7b40d
parent 81411c424f
6 changed files with 43 additions and 24 deletions
--- a/phpMyAdmin-4.8.1-all-languages.tar.xz
+++ b/phpMyAdmin-4.8.1-all-languages.tar.xz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:3bf228f026899acc0c016446501317bfb58938d6bd3816fe90a702e3f401f913
-size 5916536
--- a/phpMyAdmin-4.8.1-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.8.1-all-languages.tar.xz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlsHerwACgkQznUvF4JZ
-vZIgKRAAqG5CAj0U5urpqhgTgnck0jnyaAvx/42kDb6Mhe6BmJ0/6hoqVoOpUw+o
-TwS3rjGO9ffbDBrsj2e2TOALG2XQgj0gIqks54qpRmgr5KW/6wtGs9bp+FMX8u6s
-0VBuiheMLOOhMm+ox+gHnjO6wp2r6gZkcdupqN6cBcnDbj2vQ7iZLX/DgquSo8VY
-xfDNgwtwiy2leqd69LHYEIyblg7VZSAFHFeGtqaUByZ6E/8PiDHnNMSMW2OBvG9v
-fLvLra1RFuCq7sv0gk01Wq4uoAlFa1kREbmESXelggAYHuk8bL8z+myAeXngNK1l
-ijBsRAC7D0YJQ308mrLGrQo+xBLh2DE3y/wBALO9EWpinPNC9sUuAchz2vR6ZPsl
-AlGWjikQfcEIzSo2bMT6l+4N2KI+hq6g/tud/LsaLQ4E8RvsjS30A3sT+FksiQrc
-IXWKh4Hfpxfk/A2NWfH/2hnIBMghVSXfAWIwdLFkNAPCPMESaCCfZuDHCDLD1Dhn
-Vuh436NE0cFEUTkW29biOeb/5cAjL9a3GiNHwrafixRIuBrKFtp1FNEswqb4wEyu
-xKA2q8II3j5friGkJ56JuNZqESwtxL7DZ3oSYAtj8Ws5FZAmQ8DDA8JSr1e8KgRN
-s1iFEY9Tw6kVGLU4afY2PGEbtmPNewqdMvYAcD8SRlHeiUIr/Ag=
-=a68W
-----END PGP SIGNATURE-----
--- a/phpMyAdmin-4.8.2-all-languages.tar.xz
+++ b/phpMyAdmin-4.8.2-all-languages.tar.xz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2b42e75274ab078a0c2ca3aff767f45d1d81849f9f762a2ed0674819f061ba1d
+size 5914400
--- a/phpMyAdmin-4.8.2-all-languages.tar.xz.asc
+++ b/phpMyAdmin-4.8.2-all-languages.tar.xz.asc
@ -0,0 +1,16 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAABCAAdFiEEPQalns5zDrcbURwXznUvF4JZvZIFAlsr3Y4ACgkQznUvF4JZ
+vZLpLw/+Ies53g2QsEuK23Gi5XdcYgRr7J2J4QxddSA1hOybr9WYSPNcvk6fBNxP
+62n3qiggSJzU6M34qInVu2HhvSAx3lYMdcAyHM522CbAFwMY1smNHIbhUokF84IF
+1cbICSpgkC6lMKR5MgmIr6UaWTeyVvu0PAg+tdWwxYx1zVSZuRZoEjxeBYmYyoRT
+9oIwk3fAKB6hQBoTQs/fZ+/cwwpqGOUrpDVOxWxkIlKUmsLrGLueDdTHeAFf2UtV
+mSHyW3q9MEarUYrP8DvIdZ+WyeMD4ucK4vwNZNom1RplbwkRAPuRhFY7ZAMH7soj
+iRQMLjZdeaCABllRG/bBkLBk0pPuF+ATwPVGPgeJAzilMEKLnhxflLprvEF+U9pK
+UEfdSMyJQwjxTKdUj8SOnj4LH0T4MwhS67ZiyWnsmxaKlwnylvEVup81OAZDXxtU
+7Aab49Ii5KBQcdOcNyzgC3QzEzUaP6MckS9Hb92zVyEpbCAuFHqoCFhbMa7H+lUk
+TaoInWGKb9CbAKYtj0QiDYH9AER7xiXabpRvZS7oWRQ7D2xgROno5ElPOB52rGca
+9/TTvtR48rGoLqHsZ4fyhyh4Th0Zx1Gvq1uxRZmaqBpQ3CxwLNovzO70/HS9MiRK
+Q2ZBkvqWVuG7tDviqo/uGFDgX95okbMm43XdbjulOusHJ1PzeWo=
+=1kw6
+-----END PGP SIGNATURE-----
--- a/phpMyAdmin.changes
+++ b/phpMyAdmin.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Fri Jun 22 13:44:04 UTC 2018 - chris@computersalat.de
+
+- update to 4.8.2 (2018-06-21)
+  * issue #14370 WHERE 0 causes Fatal error
+  * issue #14225 Fix missing index icon
+- fix for boo#1098751
+  * PMASA-2018-3 (CVE-2018-12581, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2018-3/
+    - XSS in Designer feature
+  * PMASA-2018-4 (CVE-2018-12613, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2018-4/
+    - File inclusion and remote code execution attack
+- some minor changelog fixes about security fix entries
+
 -------------------------------------------------------------------
 Sat May 26 08:32:00 UTC 2018 - ecsos@opensuse.org

@ -31,8 +46,10 @@ Sat May 26 08:32:00 UTC 2018 - ecsos@opensuse.org
 Fri Apr 20 09:55:08 UTC 2018 - ecsos@opensuse.org

 - update to 4.8.0.1 (2018-04-19)
-  * Fix [security] Multiple CSRF vulnerabilities, See PMASA-2018-02
-    (boo#1090309, CVE-2018-10188)
+- fix for boo#1090309
+  * PMASA-2018-2 (CVE-2018-10188, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2018-2/
+    - Multiple CSRF vulnerabilities

 -------------------------------------------------------------------
 Wed Apr 11 20:02:26 UTC 2018 - ecsos@opensuse.org
@ -136,11 +153,13 @@ Tue Mar  6 13:43:10 UTC 2018 - ecsos@opensuse.org
 Thu Feb 22 20:30:07 UTC 2018 - astieger@suse.com

 - phpMyAdmin 4.7.8:
-  * CVE-2018-7260: self-cross site scripting (XSS) vulnerability
-    in the central columns feature (boo#1082188)
  * Fixed error handling with PHP 7.2
  * Fixed resetting default setting values
  * Fixed fallback value for collation connection
+- fix for boo#1082188
+  * PMASA-2018-1 (CVE-2018-7260, CWE-661)
+    https://www.phpmyadmin.net/security/PMASA-2018-1/
+    - Fix XSS in Central Columns Feature

 -------------------------------------------------------------------
 Mon Dec 25 19:14:32 UTC 2017 - astieger@suse.com
--- a/phpMyAdmin.spec
+++ b/phpMyAdmin.spec
@ -29,7 +29,7 @@
 %define ap_grp nogroup
 %endif
 Name:           phpMyAdmin
-Version:        4.8.1
+Version:        4.8.2
 Release:        0
 Summary:        Administration of MySQL over the web
 License:        GPL-2.0-or-later