From owner-freebsd-ports-bugs@FreeBSD.ORG Thu Dec 22 11:10:09 2011 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 725C81065670 for ; Thu, 22 Dec 2011 11:10:09 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 650DC8FC18 for ; Thu, 22 Dec 2011 11:10:08 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id pBMBA8iA029604 for ; Thu, 22 Dec 2011 11:10:08 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id pBMBA8oa029603; Thu, 22 Dec 2011 11:10:08 GMT (envelope-from gnats) Resent-Date: Thu, 22 Dec 2011 11:10:08 GMT Resent-Message-Id: <201112221110.pBMBA8oa029603@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthew Seaman Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 55103106566B; Thu, 22 Dec 2011 11:01:33 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id C94B88FC0A; Thu, 22 Dec 2011 11:01:32 +0000 (UTC) Received: from lucid-nonsense.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id pBMB1SA0001057; Thu, 22 Dec 2011 11:01:28 GMT (envelope-from matthew@lucid-nonsense.infracaninophile.co.uk) Received: (from matthew@localhost) by lucid-nonsense.infracaninophile.co.uk (8.14.5/8.14.5/Submit) id pBMB1SxL001056; Thu, 22 Dec 2011 11:01:28 GMT (envelope-from matthew) Message-Id: <201112221101.pBMB1SxL001056@lucid-nonsense.infracaninophile.co.uk> Date: Thu, 22 Dec 2011 11:01:28 GMT From: Matthew Seaman To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: secteam@FreeBSD.org Subject: ports/163528: [maintainer] databases/phpmyadmin -- security update to 3.4.9 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Matthew Seaman List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 22 Dec 2011 11:10:09 -0000 >Number: 163528 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin -- security update to 3.4.9 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Thu Dec 22 11:10:07 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 8.2-STABLE amd64 >Organization: Infracaninophile >Environment: System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #24 r227991: Sat Nov 26 13:33:22 GMT 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64 >Description: Hopefully for the last time this year: This is the formal release of the fix for these securty vulnerabilities. However the code is identical to the quick-reaction patches in 3.4.9-rc1 other than updating the version number. Security advisories have now been published: http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php CVE Numbers: CVE-2011-4782 CVE-2011-4780 Release Notes: Welcome to phpMyAdmin 3.4.9, a bugfix release with minor security corrections. 3.4.9.0 (2011-12-21) - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown - bug #3442004 [interface] DB suggestion not correct for user with underscore - bug #3438420 [core] Magic quotes removed in PHP 5.4 - bug #3398788 [session] No feedback when result is empty (signon auth_type) - bug #3384035 [display] Problems regarding ShowTooltipAliasTB - bug #3306875 [edit] Can't rename a database that contains views - bug #3452506 [edit] Unable to move tables with triggers - bug #3449659 [navi] Fast filter broken with table tree - bug #3448485 [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.9%2FphpMyAdmin-3.4.9-notes.html/view >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v retrieving revision 1.150 diff -u -u -r1.150 Makefile --- Makefile 16 Dec 2011 01:43:54 -0000 1.150 +++ Makefile 22 Dec 2011 10:25:43 -0000 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 3.4.9-rc1 +DISTVERSION= 3.4.9 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v retrieving revision 1.126 diff -u -u -r1.126 distinfo --- distinfo 16 Dec 2011 01:43:54 -0000 1.126 +++ distinfo 22 Dec 2011 10:25:43 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = c005a3880f38e9d20809b2592b5fe108d11fc56bdf4cf666db5e07447ae40096 -SIZE (phpMyAdmin-3.4.9-rc1-all-languages.tar.xz) = 3639524 \ No newline at end of file +SHA256 (phpMyAdmin-3.4.9-all-languages.tar.xz) = b7bceab1d9a6a8d2658e9739f848248faa8aefd945c9f5b33522a00b201363ba +SIZE (phpMyAdmin-3.4.9-all-languages.tar.xz) = 3640512 --- phpmyadmin.diff ends here --- --- vuxml.diff begins here --- Index: vuln.xml =================================================================== RCS file: /home/ncvs/ports/security/vuxml/vuln.xml,v retrieving revision 1.2522 diff -u -u -r1.2522 vuln.xml --- vuln.xml 21 Dec 2011 12:40:43 -0000 1.2522 +++ vuln.xml 22 Dec 2011 10:38:36 -0000 @@ -47,6 +47,42 @@ --> + + phpMyAdmin -- Two XSS vulnerabilities + + + phpMyAdmin + 3.43.4.9.r1 + + + + +

The phpMyAdmin development team reports:

+
+

Crafted values entered in the setup interface can produce + XSS; also, if the config directory exists and is writeable, + the XSS payload can be saved to this directory.

+
+ +
+

Using crafted url parameters, it was possible to produce + XSS on the export panels in the server, database and table + sections.

+
+ + + + CVE-2011-4782 + CVE-2011-4780 + http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php + http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php + + + 2011-12-14 + 2011-12-22 + + + mozilla -- multiple vulnerabilities --- vuxml.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: