Date:      Thu, 1 Jul 2004 14:00:33 +0100 (BST)
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        FreeBSD-gnats-submit@FreeBSD.org
Subject:   ports/68557: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
Message-ID:  <200407011300.i61D0XBo067312@happy-idiot-talk.infracaninophile.co.uk>
Resent-Message-ID: <200407011310.i61DAIVD025645@freefall.freebsd.org>


>Number:         68557
>Category:       ports
>Synopsis:       [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 01 13:10:18 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.10-STABLE FreeBSD 4.10-STABLE #77: Wed Jun 30 12:50:07 BST 2004 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386


	
>Description:

Security patch to version 2.5.7-pl1.  See

    http://sourceforge.net/forum/forum.php?forum_id=387635

    http://www.securityfocus.com/archive/1/367486/2004-06-28/2004-07-04/0

    There is a vulnerability in phpMyAdmin version 2.5.7.
    This vulnerability would allow a remote user to inject
    PHP code to be executed by the eval() function (in file
    left.php). However, this vulnerability only takes effect
    if the variable $cfg['LeftFrameLight'] is set to FALSE
    (in file config.inc.php).

>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile	Thu Jun 10 09:51:41 2004
+++ phpmyadmin/Makefile	Thu Jul  1 13:50:03 2004
@@ -6,7 +6,8 @@
 #
 
 PORTNAME=	phpMyAdmin
-PORTVERSION=	2.5.7
+PORTVERSION=	2.5.7.1
+DISTNAME=	${PORTNAME}-${PORTVERSION:C/\.(.)$/-pl\1/}
 CATEGORIES=	databases www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	phpmyadmin
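Review bot: The `:C/\.(.)$/-pl\1/` substitution on the new DISTNAME line matches any version whose last component is a single character, so it is only correct while PORTVERSION has four components. With a later plain upstream release that has three components, the same expression would turn the final component into a -pl suffix and point at a distfile name that does not exist, and a two-digit patch level would not match at all, leaving DISTNAME unrewritten. Suggest a comment above DISTNAME saying it must be removed when the port returns to an unpatched release, or a tighter pattern that only rewrites a fourth component, for example by requiring three dotted components before the captured one.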
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo	Thu Jun 10 09:51:41 2004
+++ phpmyadmin/distinfo	Thu Jul  1 13:43:54 2004
@@ -1,2 +1,2 @@
-MD5 (phpMyAdmin-2.5.7.tar.bz2) = f0f06811aa4f7c14e053ddd23002f40d
-SIZE (phpMyAdmin-2.5.7.tar.bz2) = 1121972
+MD5 (phpMyAdmin-2.5.7-pl1.tar.bz2) = 93b7c7f3dfcfd6df9c2ea26f31a51772
+SIZE (phpMyAdmin-2.5.7-pl1.tar.bz2) = 1123591
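Review bot: On the two added distinfo lines, MD5 is the only digest recorded for phpMyAdmin-2.5.7-pl1.tar.bz2, and neither it nor the SIZE value can be checked from the patch itself. Since this is a security update, the committer should fetch the distfile independently, regenerate the entries with make makesum, and compare the result with a checksum published by upstream before committing. The filename is consistent with the DISTNAME computed in the Makefile hunk.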
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


