Date: Tue, 16 Jan 2007 20:35:35 GMT From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: security-team@FreeBSD.org Subject: ports/108014: [maintainer] databases/phpmyadmin security upgrade to 2.9.2 Message-ID: <200701162035.l0GKZZ1N008102@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200701162040.l0GKeLoD014467@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 108014 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin security upgrade to 2.9.2 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Jan 16 20:40:21 GMT 2007 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 6.2-PRERELEASE i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #6: Sun Jan 14 11:13:39 GMT 2007 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: This is the final release of version 2.9.2, which is actually unchanged from the preliminary 2.9.2.rc1 currently in ports. That release was a fast reaction to the vulnerabilities more fully documented with this release. Release Announcement: phpMyAdmin 2.9.2 - January 16, 2007 ====================================== A set of PHP-scripts to administrate MySQL over the Web. -------------------------------------------------------- Announcement ------------ The phpMyAdmin Project announces the immediate availability of phpMyAdmin 2.9.2, a bugfix-only release containing security fixes. See the Security section of phpmyadmin.net for details. phpMyAdmin is a web administration tool for MySQL databases, intended to handle a whole database server as well as a single database. Over the years, it has become the most popular Web GUI for MySQL. Fixes ----- * improved support for web clusters * deleting a user under MySQL 4.1.x * DELIMITER in export no longer commented out * export of query results and procedure definitions * detection of a binary column * problem on 64-bit systems * granting all privileges on a wildcard name * verification on encrypted zip files * security fixes ChangeLog: https://sourceforge.net/project/shownotes.php?release_id=478992 or http://www.phpmyadmin.net/ChangeLog.txt Advisories: http://www.securityfocus.com/archive/1/453432 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1 http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2 Note: 2.9.2.rc1 is also not vulnerable to the problems covered in these advisories. 2.9.1.1 and earlier are. >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile Wed Jan 10 18:53:31 2007 +++ phpmyadmin/Makefile Tue Jan 16 20:11:38 2007 @@ -6,11 +6,11 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 2.9.2.r1 +DISTVERSION= 2.9.2 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin -DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.r(.)/-rc\1/}-all-languages +DISTNAME= ${PORTNAME}-${PORTVERSION}-all-languages MAINTAINER= m.seaman@infracaninophile.co.uk COMMENT= A set of PHP-scripts to manage MySQL over the web diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo Wed Jan 10 18:53:31 2007 +++ phpmyadmin/distinfo Tue Jan 16 20:15:19 2007 @@ -1,3 +1,3 @@ -MD5 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 86c3f72b2853fb3b50703749af8c42f7 -SHA256 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = dd10b5f49c0837d7b884fc395176a3b76eef586eb84177d2adc6474b0d9e53a5 -SIZE (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 2352924 +MD5 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 8d67cab6f93da370929622d0ef96839a +SHA256 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 9f53c41d7334e8234654512678a1de7b41f47c9149d2352216dd82cb351269f6 +SIZE (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 2351428 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701162035.l0GKZZ1N008102>