Message-Id: <200407011300.i61D0XBo067312@happy-idiot-talk.infracaninophile.co.uk>
Date: Thu, 1 Jul 2004 14:00:33 +0100 (BST)
From: Matthew Seaman
To: FreeBSD-gnats-submit@FreeBSD.org
Reply-To: Matthew Seaman
Subject: ports/68557: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1

>Number: 68557
>Category: ports
>Synopsis: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 01 13:10:18 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.10-STABLE i386
>Organization: Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.10-STABLE FreeBSD 4.10-STABLE #77: Wed Jun 30 12:50:07 BST 2004 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
Security patch to version 2.5.7-pl1. See

http://sourceforge.net/forum/forum.php?forum_id=387635
http://www.securityfocus.com/archive/1/367486/2004-06-28/2004-07-04/0

There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow a remote user to inject PHP code to be executed by the eval() function (in file left.php). However, this vulnerability only takes effect if the variable $cfg['LeftFrameLight'] is set to FALSE (in file config.inc.php).
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here --- diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile Thu Jun 10 09:51:41 2004 +++ phpmyadmin/Makefile Thu Jul 1 13:50:03 2004 
@@ -6,7 +6,8 @@ # PORTNAME= phpMyAdmin -PORTVERSION= 2.5.7 +PORTVERSION= 2.5.7.1 +DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.(.)$/-pl\1/} CATEGORIES= databases www MASTER_SITES= ${MASTER_SITE_SOURCEFORGE} MASTER_SITE_SUBDIR= phpmyadmin diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo Thu Jun 10 09:51:41 2004 +++ phpmyadmin/distinfo Thu Jul 1 13:43:54 2004 @@ -1,2 +1,2 @@ -MD5 (phpMyAdmin-2.5.7.tar.bz2) = f0f06811aa4f7c14e053ddd23002f40d -SIZE (phpMyAdmin-2.5.7.tar.bz2) = 1121972 +MD5 (phpMyAdmin-2.5.7-pl1.tar.bz2) = 93b7c7f3dfcfd6df9c2ea26f31a51772 +SIZE (phpMyAdmin-2.5.7-pl1.tar.bz2) = 1123591 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
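Review bot: In the Makefile hunk, the new DISTNAME line rewrites whatever follows the last dot of PORTVERSION, as long as it is a single character, so it is only correct while the version has a fourth, single-character patch-level component. `${PORTVERSION:C/\.(.)$/-pl\1/}` turns 2.5.7.1 into 2.5.7-pl1 as intended, but a later plain release such as 2.5.8 would become 2.5-pl8, and a two-digit patch level such as 2.5.7.10 would not be rewritten at all, so the fetch would look for a distfile name upstream does not use. Either add a comment above DISTNAME saying the line must be removed when the port moves to the next un-patched release, or anchor the pattern on the full four-component form, for example `C/^([0-9]+\.[0-9]+\.[0-9]+)\.([0-9]+)$/\1-pl\2/`, so that three-component versions pass through unchanged.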
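Review bot: In the distinfo hunk, the new MD5 and SIZE lines for phpMyAdmin-2.5.7-pl1.tar.bz2 are the only integrity record for a tarball that is being pulled in specifically as a security fix, and the PR does not say how they were obtained. Before committing, re-fetch the distfile from a second MASTER_SITE_SOURCEFORGE mirror and confirm both values match, and note in the commit message that this was done. MD5 is the only digest recorded here; if the ports tree accepts a stronger digest line in distinfo, add it alongside.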