Date:      Sun, 30 Jun 2013 20:49:33 +0000 (UTC)
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r322099 - in head: databases/phpmyadmin security/vuxml
Message-ID:  <201306302049.r5UKnXM7027127@svn.freebsd.org>

Author: matthew
Date: Sun Jun 30 20:49:32 2013
New Revision: 322099
URL: http://svnweb.freebsd.org/changeset/ports/322099

Log:
  Security update to 4.0.4.1
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.1/phpMyAdmin-4.0.4.1-notes.html/view
  
  Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php
  
  Security:	1b93f6fe-e1c1-11e2-948d-6805ca0b3d42

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile
==============================================================================
--- head/databases/phpmyadmin/Makefile	Sun Jun 30 19:23:35 2013	(r322098)
+++ head/databases/phpmyadmin/Makefile	Sun Jun 30 20:49:32 2013	(r322099)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.4
+DISTVERSION=	4.0.4.1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin/distinfo
==============================================================================
--- head/databases/phpmyadmin/distinfo	Sun Jun 30 19:23:35 2013	(r322098)
+++ head/databases/phpmyadmin/distinfo	Sun Jun 30 20:49:32 2013	(r322099)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4-all-languages.tar.xz) = e2e8ad0a2b4bf63bb62961f5489f4f7cfa1b9e39fd795d4566bb6c27f9856cf0
-SIZE (phpMyAdmin-4.0.4-all-languages.tar.xz) = 4411736
+SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
+SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jun 30 19:23:35 2013	(r322098)
+++ head/security/vuxml/vuln.xml	Sun Jun 30 20:49:32 2013	(r322099)
@@ -51,6 +51,38 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="1b93f6fe-e1c1-11e2-948d-6805ca0b3d42">
+    <topic>phpMyAdmin -- Global variable scope injection</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.0</ge><lt>4.0.4.1</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php">;
+	  <p>The import.php script was vulnerable to GLOBALS variable
+	  injection. Therefore, an attacker could manipulate any
+	  configuration parameter.</p>
+	  <p>This vulnerability can be triggered only by someone who
+	  logged in to phpMyAdmin, as the usual token protection
+	  prevents non-logged-in users from accessing the required
+	  form.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-7.php</url>;
+      <cvename>CVE-2013-4729</cvename>
+    </references>
+    <dates>
+      <discovery>2013-06-30</discovery>
+      <entry>2013-06-30</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="81da673e-dfe1-11e2-9389-08002798f6ff">
     <topic>apache-xml-security-c -- heap overflow during XPointer evaluation</topic>
     <affects>
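Review bot: The new entry's `<range><ge>4.0</ge><lt>4.0.4.1</lt></range>` is what audit tooling such as `pkg audit` matches installed packages against, and neither the entry nor the log says why the lower bound is 4.0. It is worth confirming against PMASA-2013-7 that no earlier branch is affected, since an install outside this range would not be flagged. Separately, as rendered on this page the added lines `<body xmlns=...>;`, `<blockquote cite=...>;` and `</url>;` carry a `;` after the closing `>`. The unchanged `<vuxml ...>;` context line shows the same thing, so this is probably an artefact of the archive's rendering; if it is in the committed file, the `;` after `</url>` is stray text inside `<references>` and the file should be re-validated. The hunk ends inside the following, pre-existing `<vuln>` entry, which is unchanged.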


