Date: Fri, 25 Jul 2008 09:36:30 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: sec-team@FreeBSD.org Subject: ports/125951: [maintainer] databases/phpmysadmin -- security update to 2.11.8-rc1 Message-ID: <200807250836.m6P8aUdi018211@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200807250840.m6P8e2im070981@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 125951
>Category: ports
>Synopsis: [maintainer] databases/phpmysadmin -- security update to 2.11.8-rc1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 25 08:40:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 7.0-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.0-STABLE FreeBSD 7.0-STABLE #40: Tue Jul 22 06:35:48 BST 2008 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
>From the "here we go again!" dept. As announced, yet more security
updates:
Welcome to phpMyAdmin 2.11.8-rc1, the first release candidate
containing normal bug fixes and two security fixes.
The security announcement will follow on
http://www.phpmyadmin.net.
The release notes and download info are available on
http://www.phpmyadmin.net.
Marc Delisle, for the team.
No security advisory has been published yet, but the release notes
(http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0) state:
- [security] protection against cross-frame scripting and
new directive AllowThirdPartyFraming
- [security] possible XSS during setup
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile 2008-07-19 09:44:08.000000000 +0100
+++ phpmyadmin/Makefile 2008-07-24 19:50:59.000000000 +0100
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 2.11.7.1
+DISTVERSION= 2.11.8-rc1
CATEGORIES= databases www
MASTER_SITES= SF/phpmyadmin
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo 2008-07-19 09:44:08.000000000 +0100
+++ phpmyadmin/distinfo 2008-07-24 19:52:20.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 68f3933a0f1a01fe2d131bff597af1a3
-SHA256 (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 6597fd02a152937909df8fa7fe991a39a668030d139f845fa5e70ca0ccaf5cad
-SIZE (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 3098663
+MD5 (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = 8bc9b5543665f1769af22755fcef56c0
+SHA256 (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = d0f5715109a59dcf74b54533c6cabf85b95c807002fdbe679d4d46fe937dc99c
+SIZE (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = 3111324
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807250836.m6P8aUdi018211>