From: Matthew Seaman
Date: Sun, 28 Jul 2013 15:38:45 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r323835 - in head: databases/phpmyadmin databases/phpmyadmin35 security/vuxml
X-SVN-Group: ports-head

Author: matthew
Date: Sun Jul 28 15:38:44 2013
New Revision: 323835
URL: http://svnweb.freebsd.org/changeset/ports/323835

Log:
  Security update: multiple vulnerabilities in databases/phpmyadmin and
  databases/phpmyadmin35

   - update phpmyadmin to 4.0.4.2
     ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view

   - update phpmyadmin35 to 3.5.8.2
     ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view

   - vuxml

  The PMSA references shown have not been published yet, hence no CVE
  numbers and a lack of detail in the descriptions. Yes, PMSA-2013-10
  is missing from the sequence. According to the security alert e-mail:

  "For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15
  (minus PMASA-2013-10 which is reserved for a future advisory)."

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/databases/phpmyadmin35/Makefile
  head/databases/phpmyadmin35/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile ============================================================================== --- head/databases/phpmyadmin/Makefile Sun Jul 28 15:11:44 2013 (r323834) +++ head/databases/phpmyadmin/Makefile Sun Jul 28 15:38:44 2013 (r323835) 
@@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.0.4.1 +DISTVERSION= 4.0.4.2 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Modified: head/databases/phpmyadmin/distinfo ============================================================================== --- head/databases/phpmyadmin/distinfo Sun Jul 28 15:11:44 2013 (r323834) +++ head/databases/phpmyadmin/distinfo Sun Jul 28 15:38:44 2013 (r323835) @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb -SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500 +SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5 +SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316 Modified: head/databases/phpmyadmin35/Makefile ============================================================================== --- head/databases/phpmyadmin35/Makefile Sun Jul 28 15:11:44 2013 (r323834) +++ head/databases/phpmyadmin35/Makefile Sun Jul 28 15:38:44 2013 (r323835) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin35 -DISTVERSION= 3.5.8.1 +DISTVERSION= 3.5.8.2 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION} DISTNAME= ${PORTNAME:S/35//}-${DISTVERSION}-all-languages Modified: head/databases/phpmyadmin35/distinfo ============================================================================== --- head/databases/phpmyadmin35/distinfo Sun Jul 28 15:11:44 2013 (r323834) +++ head/databases/phpmyadmin35/distinfo Sun Jul 28 15:38:44 2013 (r323835) 
@@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6 -SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808 +SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2 +SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun Jul 28 15:11:44 2013 (r323834) +++ head/security/vuxml/vuln.xml Sun Jul 28 15:38:44 2013 (r323835) @@ -51,6 +51,65 @@ Note: Please add new entries to the beg --> + + phpMyAdmin -- multiple vulnerabilities + + + phpMyAdmin + 4.04.0.4.2 + + + phpMyAdmin35 + 3.53.5.8.2 + + + + +

The phpMyAdmin development team reports:

+
+

Self-XSS in "Showing rows." (phpMyAdmin35 only)

+
+
+

Self-XSS in Display chart.

+

Stored XSS in Server status monitor.

+

Stored XSS in navigation panel logo link (phpMyAdmin35 only).

+

Self-XSS in setup, trusted proxies validation.

+
+
+

Unencoded json object.

+
+
+

Full path disclosure.

+
+
+

Stored XSS in link transformation plugin.

+
+
+

Self-XSS in schema export.

+
+
+

Control user SQL injection in pmd_pdf.php.

+

Control user SQL injection in schema_export.php.

+
+ +
+ + http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php + http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php + http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view + http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view + + + 2013-07-28 + 2013-07-28 + +
+ wordpress -- multiple vulnerabilities
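
Review bot: In the two distinfo hunks, the replaced SHA256 and SIZE lines for phpMyAdmin-4.0.4.2-all-languages.tar.xz and phpMyAdmin-3.5.8.2-all-languages.tar.xz are the only integrity anchor for distfiles that MASTER_SITES pulls from SF mirrors, and nothing in the commit says what the new digests were checked against. For a security update, compare them with the checksum or signature upstream publishes for each release rather than relying only on the values a local fetch produced (for example via make makesum), and say so in the log message.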
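
Review bot: The new vuln.xml entry lists eleven issues but none is tied to a specific advisory, and the seven PMASA URLs it references were, per the log message, unpublished at commit time with no CVE names available, so a reader cannot map "Control user SQL injection in pmd_pdf.php." or any other item to its reference. Plan a follow-up once PMASA-2013-8 to PMASA-2013-15 are out that adds the CVE names, notes which advisory covers which item, and records a modified date on the entry. The two items marked "(phpMyAdmin35 only)" sit in a description shared by both the phpMyAdmin and phpMyAdmin35 ranges, which is acceptable for one entry, but it is worth checking against the published advisories that no item applies only to the 4.0 branch without being marked.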