Date: Sun, 3 Jul 2011 10:01:42 +0100 (BST) From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/158603: [maintainer] databases/phpmyadmin security update to 3.4.3.1 Message-ID: <201107030901.p6391gBc022297@lucid-nonsense.infracaninophile.co.uk> Resent-Message-ID: <201107030910.p639A9Ls079256@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 158603 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin security update to 3.4.3.1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Jul 03 09:10:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 8.2-STABLE amd64 >Organization: Infracaninophile >Environment: System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #44 r222989: Sat Jun 11 21:09:28 BST 2011 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64 >Description: Security update to version 3.4.3.1 Announce message: "Welcome to phpMyAdmin 3.4.3.1 and to phpMyAdmin 3.3.10.2, which are security releases. Please refer to the upcoming PMASA-2011-5 to PMASA-2011-8 announcements on http://www.phpmyadmin.net/home_page/security/. Details will appear on http://phpmyadmin.net. In a hurry? you can visit http://sourceforge.net/projects/phpmyadmin to download. Marc Delisle, for the team" Security advisories: PMSA-2011-5 -- PMSA-2011-8 should appear at http://www.phpmyadmin.net/home_page/security/, but have not yet been published. ChangeLog: 3.4.3.1 (2011-07-02) - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 - [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 >How-To-Repeat: >Fix: --- phpmyadmin.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v retrieving revision 1.137 diff -u -u -r1.137 Makefile --- Makefile 28 Jun 2011 07:22:44 -0000 1.137 +++ Makefile 3 Jul 2011 08:47:50 -0000 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 3.4.3 +DISTVERSION= 3.4.3.1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${PORTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v retrieving revision 1.114 diff -u -u -r1.114 distinfo --- distinfo 28 Jun 2011 07:22:44 -0000 1.114 +++ distinfo 3 Jul 2011 08:47:50 -0000 @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 459343e9823b9b56e3f55e60e5e5ed406b9677cbfa1d1d1f4c1ccfb9855cb51e -SIZE (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 4924786 +SHA256 (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 138175f19802c5c1c70ceee14b89a86a19ee04917fd7bbd50b17bb200838eb69 +SIZE (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 4924615 --- phpmyadmin.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201107030901.p6391gBc022297>