Date:      Sun, 28 Jul 2013 15:38:45 +0000 (UTC)
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r323835 - in head: databases/phpmyadmin databases/phpmyadmin35 security/vuxml
Message-ID:  <201307281538.r6SFcjES099393@svn.freebsd.org>

Author: matthew
Date: Sun Jul 28 15:38:44 2013
New Revision: 323835
URL: http://svnweb.freebsd.org/changeset/ports/323835

Log:
  Security update: multiple vulnerabilities in databases/phpmyadmin and
  databases/phpmyadmin35
  
   - update phpmyadmin to 4.0.4.2
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view
  
   - update phpmyadmin35 to 3.5.8.2
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
  
   - vuxml
  
  The PMASA references shown have not been published yet, hence no CVE
  numbers and a lack of detail in the descriptions.  Yes, PMASA-2013-10
  is missing from the sequence.  According to the security alert e-mail:
  
     "For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15 (minus
      PMASA-2013-10 which is reserved for a future advisory)."

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/databases/phpmyadmin35/Makefile
  head/databases/phpmyadmin35/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile
==============================================================================
--- head/databases/phpmyadmin/Makefile	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin/Makefile	Sun Jul 28 15:38:44 2013	(r323835)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.4.1
+DISTVERSION=	4.0.4.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin/distinfo
==============================================================================
--- head/databases/phpmyadmin/distinfo	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin/distinfo	Sun Jul 28 15:38:44 2013	(r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
-SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500
+SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
+SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316

Modified: head/databases/phpmyadmin35/Makefile
==============================================================================
--- head/databases/phpmyadmin35/Makefile	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin35/Makefile	Sun Jul 28 15:38:44 2013	(r323835)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin35
-DISTVERSION=	3.5.8.1
+DISTVERSION=	3.5.8.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION}
 DISTNAME=	${PORTNAME:S/35//}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin35/distinfo
==============================================================================
--- head/databases/phpmyadmin35/distinfo	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin35/distinfo	Sun Jul 28 15:38:44 2013	(r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6
-SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808
+SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2
+SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/security/vuxml/vuln.xml	Sun Jul 28 15:38:44 2013	(r323835)
@@ -51,6 +51,65 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">;
+  <vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.0</ge><lt>4.0.4.2</lt></range>
+      </package>
+      <package>
+	<name>phpMyAdmin35</name>
+	<range><ge>3.5</ge><lt>3.5.8.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php">;
+	  <p>Self-XSS in "Showing rows." (phpMyAdmin35 only)</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php">;
+	  <p>Self-XSS in Display chart.</p>
+	  <p>Stored XSS in Server status monitor.</p>
+	  <p>Stored XSS in navigation panel logo link (phpMyAdmin35 only).</p>
+	  <p>Self-XSS in setup, trusted proxies validation.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php">;
+	  <p>Unencoded json object.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php">;
+	  <p>Full path disclosure.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php">;
+	  <p>Stored XSS in link transformation plugin.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php">;
+	  <p>Self-XSS in schema export.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php">;
+	  <p>Control user SQL injection in pmd_pdf.php.</p>
+	  <p>Control user SQL injection in schema_export.php.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php</url>;
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php</url>;
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view</url>;
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view</url>;
+    </references>
+    <dates>
+      <discovery>2013-07-28</discovery>
+      <entry>2013-07-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
     <topic>wordpress -- multiple vulnerabilities</topic>
     <affects>
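Review bot: The new `<vuln>` entry's `<references>` block holds only `<url>` elements, and per the commit log the PMASA-2013-8 to -15 pages they point at are not yet published, so for now a reader of the VuXML database has neither a resolvable advisory nor a CVE identifier to correlate against scanner or vendor data. I would leave a follow-up marker inside the entry, e.g. `<!-- TODO: add <cvename> elements and a <modified> date once PMASA-2013-8..15 are published -->`, so the record is revisited rather than left in its provisional form. Separately, the `;` shown after `<body …>`, each `<blockquote cite=…>` and each `</url>` also appears on the unchanged `<vuxml …>` context line, so it is presumably an artifact of the archive's rendering rather than part of the commit. It is still worth confirming against the repository copy, since stray text in element-only content would fail validation.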


