Date: Thu, 24 Feb 2005 12:11:56 GMT
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: security-team@FreeBSD.org
Subject: ports/78011: [ maintainer ] databases/phpmyadmin -- (security) update to 2.6.1.1
Message-ID: <200502241211.j1OCBulO019358@gravitas.thebunker.net>
Resent-Message-ID: <200502241220.j1OCKOnm037704@freefall.freebsd.org>
>Number: 78011
>Category: ports
>Synopsis: [ maintainer ] databases/phpmyadmin -- (security) update to 2.6.1.1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 24 12:20:23 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 5.3-STABLE i386
>Organization: Infracaninophile
>Environment:
System: FreeBSD gravitas.thebunker.net 5.3-STABLE FreeBSD 5.3-STABLE #7: Mon Feb 14 23:07:43 GMT 2005 root@gravitas.thebunker.net:/usr/obj/usr/src/sys/GRAVITAS i386
>Description:

Update to phpmyadmin version 2.6.1.pl1:

Release notes:

  http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0

Announcement e-mail (quoted below) is at

  http://sourceforge.net/mailarchive/forum.php?thread_id=6674358&forum_id=2141

    Patch level 1 of phpMyAdmin 2.6.1 fixes some security problems, along
    with a few other bugs. A more formal security alert will be posted when
    ready.

    Meanwhile, the phpMyAdmin development team strongly advises an upgrade
    to phpMyAdmin 2.6.1-pl1, and to also apply the following security
    measures on your PHP installation (if feasible) by modifying your
    php.ini configuration file (or virtual host settings):

    - set register_globals to Off
    - set display_errors to Off
    - set log_errors to On
    - define the path to your error log with the error_log directive

    Both settings are recommended in the PHP documentation on a server
    running in production. For example:
    http://www.php.net/manual/en/security.errors.php

    However, we suggest you review the impact of those changes before
    applying them.

    Meanwhile, work continues on the development version 2.6.2.

>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here --- diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile Wed Jan 26 14:37:43 2005 +++ phpmyadmin/Makefile Thu Feb 24 11:58:22 2005 
@@ -6,7 +6,8 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 2.6.1 +DISTVERSION= 2.6.1-pl1 +PORTVERSION= 2.6.1.1 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo Wed Jan 26 14:37:43 2005 +++ phpmyadmin/distinfo Thu Feb 24 11:58:26 2005 @@ -1,2 +1,2 @@ -MD5 (phpMyAdmin-2.6.1.tar.bz2) = eaa23b48760f2b31a8725bf85b0acecd -SIZE (phpMyAdmin-2.6.1.tar.bz2) = 1544628 +MD5 (phpMyAdmin-2.6.1-pl1.tar.bz2) = a21e55accd44ec5c5982ebd62234a17d +SIZE (phpMyAdmin-2.6.1-pl1.tar.bz2) = 1541672 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
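Review bot: In the Makefile hunk, the added PORTVERSION= 2.6.1.1 line sits beside DISTVERSION= 2.6.1-pl1 with no comment explaining why the two are set separately. A one-line comment saying that upstream's "-pl1" is mapped to a fourth version component would help the next updater keep the package version increasing. It is also worth confirming that the distfile name is still built from DISTVERSION, since the distinfo hunk expects phpMyAdmin-2.6.1-pl1.tar.bz2.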
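Review bot: In the distinfo hunk, the replacement tarball is pinned only by an MD5 line and a SIZE line, which is weak integrity protection for a security update. Please check the a21e55accd44ec5c5982ebd62234a17d value against the checksum upstream publishes for phpMyAdmin-2.6.1-pl1.tar.bz2 rather than only against the local download, and add a stronger digest line (for example SHA256) if the ports tree's distinfo format accepts one.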
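The four php.ini measures listed in the quoted announcement can be checked mechanically. The following is an added example, not part of the original message or of phpMyAdmin or the FreeBSD port; the function names and the sample php.ini text are constructed for illustration, and a directive that is absent is reported rather than assumed to have a safe default.

```python
import re

# Directives named in the announcement. True/False is the recommended boolean
# state; None means the directive must hold a non-empty path.
RECOMMENDED = {"register_globals": False, "display_errors": False,
               "log_errors": True, "error_log": None}
ON, OFF = {"1", "on", "true", "yes"}, {"0", "off", "false", "no", "none", ""}

def parse_php_ini(text):
    """Map directive -> raw value; a later assignment overrides an earlier one."""
    values = {}
    for line in text.splitlines():
        m = re.match(r"([\w.]+)\s*=\s*(.*)$", line.strip())
        if not m:                            # comment, [section] or blank line
            continue
        key, raw = m.groups()
        if raw.startswith('"'):              # quoted value: keep what is inside
            raw = raw[1:].split('"', 1)[0]
        else:                                # unquoted: drop a trailing ; comment
            raw = raw.split(";", 1)[0].strip()
        values[key] = raw
    return values

def audit(text):
    """Return [(directive, problem)] for each deviation from RECOMMENDED."""
    values = parse_php_ini(text)
    findings = []
    for name, want in RECOMMENDED.items():
        raw = values.get(name)
        if raw is None:
            findings.append((name, "not set explicitly"))
        elif want is None:
            if not raw:
                findings.append((name, "no log path given"))
        elif raw.lower() not in ON | OFF:
            findings.append((name, f"unrecognised value {raw!r}"))
        elif (raw.lower() in ON) != want:
            findings.append((name, f"is {raw}, should be {'On' if want else 'Off'}"))
    return findings

# Constructed sample for illustration, not taken from a real host.
SAMPLE_INI = """\
[PHP]
register_globals = On
display_errors = Off    ; overridden further down
log_errors = On
;error_log = /var/log/php_errors.log
register_globals = Off
display_errors = On
"""

print(audit(SAMPLE_INI))
```

The sample shows why the last assignment has to be the one audited: display_errors looks correct on its first line but is switched back on later in the file, and the commented-out error_log line does not count as a setting.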