Date: Mon, 23 Jun 2008 07:17:59 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/124900: [maintainer] databases/phpmyadmin -- security update to 2.11.7-rc2 Message-ID: <200806230617.m5N6Hx9b086744@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200806230620.m5N6K1t9084881@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 124900 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin -- security update to 2.11.7-rc2 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Jun 23 06:20:01 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 7.0-STABLE i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.0-STABLE FreeBSD 7.0-STABLE #39: Thu Jun 19 21:16:44 BST 2008 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: Update to a release candidate version, counter to my usual policy of just tracking release versions, as there is a security fix included. The phpMyAdmin project seems to be being a bit coy about releasing an advisory though: >From the changelog: - protection against XSS when register_globals is on and .htaccess has no effect, thanks to Tim Starling The Announcement message: "Welcome to the second release candidate for phpMyAdmin 2.11.7, a bugfix-only release. This rc contains a security fix; an advisory will be published in a few days. Download info available on http://www.phpmyadmin.net. Marc Delisle, for the team" >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile 2008-05-01 14:51:02.000000000 +0100 +++ phpmyadmin/Makefile 2008-06-23 07:04:45.000000000 +0100 @@ -6,11 +6,11 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 2.11.6 +DISTVERSION= 2.11.7-rc2 CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin -DISTNAME= ${PORTNAME}-${PORTVERSION}-all-languages +DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages MAINTAINER= m.seaman@infracaninophile.co.uk COMMENT= A set of PHP-scripts to manage MySQL over the web diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo 2008-05-01 14:51:02.000000000 +0100 +++ phpmyadmin/distinfo 2008-06-23 07:05:22.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (phpMyAdmin-2.11.6-all-languages.tar.bz2) = 0477a97e80e12c97fef671365db910a5 -SHA256 (phpMyAdmin-2.11.6-all-languages.tar.bz2) = e35e61b9b4fc4545097a18e66c73ee2d189bcb1b97da65ebc7d66584f28f3a90 -SIZE (phpMyAdmin-2.11.6-all-languages.tar.bz2) = 3097302 +MD5 (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = 971e81c9844a456a10a3cf78945ddb13 +SHA256 (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = ae19792ecd5fae360616c7ba59ab33e475109ab764d73edaf19c25df1194951c +SIZE (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = 3098928 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200806230617.m5N6Hx9b086744>