Date: Wed, 5 Jun 2013 22:02:14 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r320032 - in head: databases/phpmyadmin security/vuxml Message-ID: <201306052202.r55M2EjU062744@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Wed Jun 5 22:02:13 2013 New Revision: 320032 URL: http://svnweb.freebsd.org/changeset/ports/320032 Log: Security upgrade to 4.0.3 Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.3/phpMyAdmin-4.0.3-notes.html/view Security: 6b97436c-ce1e-11e2-9cb2-6805ca0b3d42 Modified: head/databases/phpmyadmin/Makefile head/databases/phpmyadmin/distinfo head/security/vuxml/vuln.xml Modified: head/databases/phpmyadmin/Makefile ============================================================================== --- head/databases/phpmyadmin/Makefile Wed Jun 5 22:02:08 2013 (r320031) +++ head/databases/phpmyadmin/Makefile Wed Jun 5 22:02:13 2013 (r320032) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.0.2 +DISTVERSION= 4.0.3 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Modified: head/databases/phpmyadmin/distinfo ============================================================================== --- head/databases/phpmyadmin/distinfo Wed Jun 5 22:02:08 2013 (r320031) +++ head/databases/phpmyadmin/distinfo Wed Jun 5 22:02:13 2013 (r320032) @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.0.2-all-languages.tar.xz) = fad443ccfbf40c7e54bc04dde32423b9837a50e54771ff4c424ad31561d1082f -SIZE (phpMyAdmin-4.0.2-all-languages.tar.xz) = 4360284 +SHA256 (phpMyAdmin-4.0.3-all-languages.tar.xz) = a1e2d663ee8976402dd18818cc8479eb34019a82553df0009af1036e63629a93 +SIZE (phpMyAdmin-4.0.3-all-languages.tar.xz) = 4400480 Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jun 5 22:02:08 2013 (r320031) +++ head/security/vuxml/vuln.xml Wed Jun 5 22:02:13 2013 (r320032) @@ -51,6 +51,37 @@ Note: Please add new entries to the beg --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b97436c-ce1e-11e2-9cb2-6805ca0b3d42"> + <topic>phpMyAdmin -- XSS due to unescaped HTML output in Create View page</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.0</ge><lt>4.0.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php"> + <p>When creating a view with a crafted name and an incorrect + CREATE statement, it is possible to trigger an XSS.</p> + <p>This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users from accessing the required + form.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php</url> + <cvename>CVE-2013-3742</cvename> + </references> + <dates> + <discovery>2013-06-05</discovery> + <entry>2013-06-05</entry> + </dates> + </vuln> + <vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0"> <topic>telepathy-gabble -- TLS verification bypass</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201306052202.r55M2EjU062744>