Date: Thu, 28 Jan 2016 07:47:24 +0000 (UTC) From: Matthew Seaman <matthew@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org Subject: svn commit: r407398 - branches/2016Q1/databases/phpmyadmin Message-ID: <201601280747.u0S7lOkn081721@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: matthew Date: Thu Jan 28 07:47:24 2016 New Revision: 407398 URL: https://svnweb.freebsd.org/changeset/ports/407398 Log: MFH: r407397 Security Update to 4.5.4 This is a combination of feature- and security- updates. The PMA project has not yet published the relevant advisories, so there is very little information available about what the vulnerabilities are and what versions they affect. PMSA-2016-1 to PMSA-2016-9 are expected to be available at https://www.phpmyadmin.net/security/ shortly. [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1 [Security] Unsafe generation of CSRF token, see PMASA-2016-2 [Security] Multiple XSS vulnerabilities, see PMASA-2016-3 [Security] Insecure password generation in JavaScript, see PMASA-2016-4 [Security] Unsafe comparison of CSRF token, see PMASA-2016-5 [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6 [Security] XSS vulnerability in normalization page, see PMASA-2016-7 [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8 [Security] XSS vulnerability in SQL editor, see PMASA-2016-9 VuXML entries to follow once the advisories are available. Approved by: ports-secteam (miwi) ChangeLog: https://www.phpmyadmin.net/files/4.5.4/ Security: https://www.phpmyadmin.net/security/PMASA-2016-1/ Security: https://www.phpmyadmin.net/security/PMASA-2016-2/ Security: https://www.phpmyadmin.net/security/PMASA-2016-3/ Security: https://www.phpmyadmin.net/security/PMASA-2016-4/ Security: https://www.phpmyadmin.net/security/PMASA-2016-5/ Security: https://www.phpmyadmin.net/security/PMASA-2016-6/ Security: https://www.phpmyadmin.net/security/PMASA-2016-7/ Security: https://www.phpmyadmin.net/security/PMASA-2016-8/ Security: https://www.phpmyadmin.net/security/PMASA-2016-9/ Modified: branches/2016Q1/databases/phpmyadmin/Makefile branches/2016Q1/databases/phpmyadmin/distinfo Directory Properties: branches/2016Q1/ (props changed) Modified: branches/2016Q1/databases/phpmyadmin/Makefile ============================================================================== --- branches/2016Q1/databases/phpmyadmin/Makefile Thu Jan 28 07:37:59 2016 (r407397) +++ branches/2016Q1/databases/phpmyadmin/Makefile Thu Jan 28 07:47:24 2016 (r407398) @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.5.3.1 +DISTVERSION= 4.5.4 CATEGORIES= databases www MASTER_SITES= https://files.phpmyadmin.net/${PORTNAME}/${DISTVERSION}/ DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages Modified: branches/2016Q1/databases/phpmyadmin/distinfo ============================================================================== --- branches/2016Q1/databases/phpmyadmin/distinfo Thu Jan 28 07:37:59 2016 (r407397) +++ branches/2016Q1/databases/phpmyadmin/distinfo Thu Jan 28 07:47:24 2016 (r407398) @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.5.3.1-all-languages.tar.xz) = 75be3589b5e4800afb21581761478ddc5b888d6a09d5235a0ba997401d04fc00 -SIZE (phpMyAdmin-4.5.3.1-all-languages.tar.xz) = 5757736 +SHA256 (phpMyAdmin-4.5.4-all-languages.tar.xz) = 544670aea61d40c1a6e569f0955de2725c354f61c959870749b525d6b3d503dd +SIZE (phpMyAdmin-4.5.4-all-languages.tar.xz) = 5810856
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601280747.u0S7lOkn081721>