Date: Fri, 25 Jul 2008 09:36:30 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: sec-team@FreeBSD.org Subject: ports/125951: [maintainer] databases/phpmysadmin -- security update to 2.11.8-rc1 Message-ID: <200807250836.m6P8aUdi018211@happy-idiot-talk.infracaninophile.co.uk> Resent-Message-ID: <200807250840.m6P8e2im070981@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 125951 >Category: ports >Synopsis: [maintainer] databases/phpmysadmin -- security update to 2.11.8-rc1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Fri Jul 25 08:40:02 UTC 2008 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 7.0-STABLE i386 >Organization: Infracaninophile >Environment: System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.0-STABLE FreeBSD 7.0-STABLE #40: Tue Jul 22 06:35:48 BST 2008 root@happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386 >Description: >From the "here we go again!" dept. As announced, yet more security updates: Welcome to phpMyAdmin 2.11.8-rc1, the first release candidate containing normal bug fixes and two security fixes. The security announcement will follow on http://www.phpmyadmin.net. The release notes and download info are available on http://www.phpmyadmin.net. Marc Delisle, for the team. No security advisory has been published yet, but the release notes (http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0) state: - [security] protection against cross-frame scripting and new directive AllowThirdPartyFraming - [security] possible XSS during setup >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile --- /usr/ports/databases/phpmyadmin/Makefile 2008-07-19 09:44:08.000000000 +0100 +++ phpmyadmin/Makefile 2008-07-24 19:50:59.000000000 +0100 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 2.11.7.1 +DISTVERSION= 2.11.8-rc1 CATEGORIES= databases www MASTER_SITES= SF/phpmyadmin DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo --- /usr/ports/databases/phpmyadmin/distinfo 2008-07-19 09:44:08.000000000 +0100 +++ phpmyadmin/distinfo 2008-07-24 19:52:20.000000000 +0100 @@ -1,3 +1,3 @@ -MD5 (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 68f3933a0f1a01fe2d131bff597af1a3 -SHA256 (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 6597fd02a152937909df8fa7fe991a39a668030d139f845fa5e70ca0ccaf5cad -SIZE (phpMyAdmin-2.11.7.1-all-languages.tar.bz2) = 3098663 +MD5 (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = 8bc9b5543665f1769af22755fcef56c0 +SHA256 (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = d0f5715109a59dcf74b54533c6cabf85b95c807002fdbe679d4d46fe937dc99c +SIZE (phpMyAdmin-2.11.8-rc1-all-languages.tar.bz2) = 3111324 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807250836.m6P8aUdi018211>