Date: Tue, 14 Apr 2009 18:11:27 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: sec-team@FreeBSD.org Subject: ports/133729: [maintainer] databases/phpmyadmin -- security update to 3.1.3.2 Message-ID: <200904141711.n3EHBRQ4001005@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200904141720.n3EHK351073480@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 133729
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin -- security update to 3.1.3.2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Apr 14 17:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 7.2-PRERELEASE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.2-PRERELEASE FreeBSD 7.2-PRERELEASE #60: Sun Mar 29 22:33:09 BST 2009 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
It's Deją-vu all over again.
>From the announce message:
"Welcome to phpMyAdmin 3.1.3.2, a security-fix version.
Details will appear on http://phpmyadmin.net. In a hurry? you can
visit http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
The changelog at http://sourceforge.net/project/shownotes.php?group_id=23067&release_id=675804
"Changes:
3.1.3.2 (2009-04-14)
- [security] Insufficient output sanitizing when generating configuration file"
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile 2009-03-28 04:59:15.000000000 +0000
+++ phpmyadmin/Makefile 2009-04-14 18:03:52.000000000 +0100
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 3.1.3.1
+DISTVERSION= 3.1.3.2
CATEGORIES= databases www
MASTER_SITES= SF/phpmyadmin
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo 2009-03-28 04:59:15.000000000 +0000
+++ phpmyadmin/distinfo 2009-04-14 18:04:14.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-3.1.3.1-all-languages.tar.bz2) = 34fe1a16cb77bb3bc1e3e4288b5bbd43
-SHA256 (phpMyAdmin-3.1.3.1-all-languages.tar.bz2) = a85a15bca2e3ad2c712e384b24a7556d5136198932c06af55a0b28a17756da7d
-SIZE (phpMyAdmin-3.1.3.1-all-languages.tar.bz2) = 2653495
+MD5 (phpMyAdmin-3.1.3.2-all-languages.tar.bz2) = 8039f9f97521f8af46293eac37d623a8
+SHA256 (phpMyAdmin-3.1.3.2-all-languages.tar.bz2) = 14a1f3d7891602766d19cf807faf227fd7bc647f0ce16f4e6fc9c63110306442
+SIZE (phpMyAdmin-3.1.3.2-all-languages.tar.bz2) = 2653037
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200904141711.n3EHBRQ4001005>