Date: Sat, 23 Jul 2011 17:41:21 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/159143: [maintainer] databases/phpmyadmin security update to 3.4.3.2 Message-ID: <201107231641.p6NGfL6q009684@lucid-nonsense.infracaninophile.co.uk> Resent-Message-ID: <201107231650.p6NGo93g086832@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 159143 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin security update to 3.4.3.2 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sat Jul 23 16:50:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 8.2-STABLE amd64 >Organization: Infracaninophile >Environment: System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #46 r224279: Sat Jul 23 09:37:10 BST 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64 >Description: >From the announcement message: "Welcome to phpMyAdmin 3.4.3.2 and to phpMyAdmin 3.3.10.3, which are security releases. Please refer to the upcoming PMASA-2011-9 to PMASA-2011-12 announcements on http://www.phpmyadmin.net/home_page/security/. Details will appear on http://phpmyadmin.net. In a hurry? you can visit http://sourceforge.net/projects/phpmyadmin to download. Marc Delisle, for the team" Still awaiting publication ofthe advisories. The only detail I've found so far is in the ChangeLog: 3.4.3.2 (2011-07-23) - [security] Fixed XSS vulnerability, see PMASA-2011-9 - [security] Fixed local file inclusion vulnerability, see PMASA-2011-10 - [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12 >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v retrieving revision 1.139 diff -u -u -r1.139 Makefile --- Makefile 13 Jul 2011 01:23:50 -0000 1.139 +++ Makefile 23 Jul 2011 16:25:43 -0000 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 3.4.3.1 +DISTVERSION= 3.4.3.2 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${PORTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v retrieving revision 1.115 diff -u -u -r1.115 distinfo --- distinfo 3 Jul 2011 11:59:52 -0000 1.115 +++ distinfo 23 Jul 2011 16:25:43 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 138175f19802c5c1c70ceee14b89a86a19ee04917fd7bbd50b17bb200838eb69 -SIZE (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 4924615 +SHA256 (phpMyAdmin-3.4.3.2-all-languages.tar.bz2) = d468fffb147f001b70b222acd6d6bc7010c87e805a131371f0e1d20bdc1a93eb +SIZE (phpMyAdmin-3.4.3.2-all-languages.tar.bz2) = 4924912 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107231641.p6NGfL6q009684>