Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 16 Jan 2007 20:35:35 GMT
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Cc:        security-team@FreeBSD.org
Subject:   ports/108014: [maintainer] databases/phpmyadmin security upgrade to 2.9.2
Message-ID:  <200701162035.l0GKZZ1N008102@happy-idiot-talk.infracaninophile.co.uk>
Resent-Message-ID: <200701162040.l0GKeLoD014467@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         108014
>Category:       ports
>Synopsis:       [maintainer] databases/phpmyadmin security upgrade to 2.9.2
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jan 16 20:40:21 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #6: Sun Jan 14 11:13:39 GMT 2007 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386


	
>Description:

This is the final release of version 2.9.2, which is actually unchanged
from the preliminary 2.9.2.rc1 currently in ports.  That release was a
fast reaction to the vulnerabilities more fully documented with this
release.

Release Announcement: 

phpMyAdmin 2.9.2 - January 16, 2007
======================================

A set of PHP-scripts to administrate MySQL over the Web.
--------------------------------------------------------

Announcement
------------

The phpMyAdmin Project announces the immediate availability
of phpMyAdmin 2.9.2, a bugfix-only release containing security fixes.
See the Security section of phpmyadmin.net for details.

phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the
years, it has become the most popular Web GUI for MySQL.


Fixes
-----
      * improved support for web clusters
      * deleting a user under MySQL 4.1.x
      * DELIMITER in export no longer commented out
      * export of query results and procedure definitions
      * detection of a binary column
      * problem on 64-bit systems
      * granting all privileges on a wildcard name
      * verification on encrypted zip files
      * security fixes

ChangeLog:

https://sourceforge.net/project/shownotes.php?release_id=478992
or
http://www.phpmyadmin.net/ChangeLog.txt

Advisories:

http://www.securityfocus.com/archive/1/453432
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2

Note: 2.9.2.rc1 is also not vulnerable to the problems covered in
these advisories.  2.9.1.1 and earlier are.

>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile	Wed Jan 10 18:53:31 2007
+++ phpmyadmin/Makefile	Tue Jan 16 20:11:38 2007
@@ -6,11 +6,11 @@
 #
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	2.9.2.r1
+DISTVERSION=	2.9.2
 CATEGORIES=	databases www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	phpmyadmin
-DISTNAME=	${PORTNAME}-${PORTVERSION:C/\.r(.)/-rc\1/}-all-languages
+DISTNAME=	${PORTNAME}-${PORTVERSION}-all-languages
 
 MAINTAINER=	m.seaman@infracaninophile.co.uk
 COMMENT=	A set of PHP-scripts to manage MySQL over the web
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo	Wed Jan 10 18:53:31 2007
+++ phpmyadmin/distinfo	Tue Jan 16 20:15:19 2007
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 86c3f72b2853fb3b50703749af8c42f7
-SHA256 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = dd10b5f49c0837d7b884fc395176a3b76eef586eb84177d2adc6474b0d9e53a5
-SIZE (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 2352924
+MD5 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 8d67cab6f93da370929622d0ef96839a
+SHA256 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 9f53c41d7334e8234654512678a1de7b41f47c9149d2352216dd82cb351269f6
+SIZE (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 2351428
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200701162035.l0GKZZ1N008102>