From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Nov 29 22:00:27 2010 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E0A8A10656BB for ; Mon, 29 Nov 2010 22:00:26 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id 5B2B08FC32 for ; Mon, 29 Nov 2010 22:00:24 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.4/8.14.4) with ESMTP id oATM0OYQ036635 for ; Mon, 29 Nov 2010 22:00:24 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.4/8.14.4/Submit) id oATM0OSQ036609; Mon, 29 Nov 2010 22:00:24 GMT (envelope-from gnats) Resent-Date: Mon, 29 Nov 2010 22:00:24 GMT Resent-Message-Id: <201011292200.oATM0OSQ036609@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Matthew Seaman Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BF9ED1065746 for ; Mon, 29 Nov 2010 21:53:34 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3fd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 366EF8FC08; Mon, 29 Nov 2010 21:53:34 +0000 (UTC) Received: from lucid-nonsense.infracaninophile.co.uk (localhost [IPv6:::1]) by smtp.infracaninophile.co.uk (8.14.4/8.14.4) with ESMTP id oATLrTh3020764; Mon, 29 Nov 2010 21:53:29 GMT (envelope-from matthew@lucid-nonsense.infracaninophile.co.uk) Received: (from matthew@localhost) by lucid-nonsense.infracaninophile.co.uk (8.14.4/8.14.4/Submit) id oATLrSZZ020763; Mon, 29 Nov 2010 21:53:28 GMT (envelope-from matthew) Message-Id: <201011292153.oATLrSZZ020763@lucid-nonsense.infracaninophile.co.uk> Date: Mon, 29 Nov 2010 21:53:28 GMT From: Matthew Seaman To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: sectean@FreeBSD.org Subject: ports/152686: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.1 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Matthew Seaman List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Nov 2010 22:00:27 -0000 >Number: 152686 >Category: ports >Synopsis: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.1 >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Mon Nov 29 22:00:23 UTC 2010 >Closed-Date: >Last-Modified: >Originator: Matthew Seaman >Release: FreeBSD 8.2-PRERELEASE amd64 >Organization: Infracaninophile >Environment: System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #24 r216010: Sun Nov 28 18:11:15 GMT 2010 root@lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64 >Description: Security Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php CVE-2010-4329 There is a possibility of conducting an XSS attack using a spoofed request on the DB search script. >How-To-Repeat: >Fix: --- phpmyadmin211.diff begins here --- Index: Makefile =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin211/Makefile,v retrieving revision 1.105 diff -u -u -r1.105 Makefile --- Makefile 9 Sep 2010 13:44:37 -0000 1.105 +++ Makefile 29 Nov 2010 21:36:17 -0000 @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin211 -DISTVERSION= 2.11.11 +DISTVERSION= 2.11.11.1 CATEGORIES= databases www MASTER_SITES= SF/phpmyadmin/phpMyAdmin/${PORTVERSION} DISTNAME= ${PORTNAME:S/211//}-${DISTVERSION}-all-languages Index: distinfo =================================================================== RCS file: /home/ncvs/ports/databases/phpmyadmin211/distinfo,v retrieving revision 1.84 diff -u -u -r1.84 distinfo --- distinfo 9 Sep 2010 13:44:37 -0000 1.84 +++ distinfo 29 Nov 2010 21:36:17 -0000 @@ -1,3 +1,2 @@ -MD5 (phpMyAdmin-2.11.11-all-languages.tar.bz2) = 2070acd094ec0128710d2e482d40df5f -SHA256 (phpMyAdmin-2.11.11-all-languages.tar.bz2) = 12b64418cbb14b6e988f7691beaeae95cf9524face4182dfac6f0e6b33779407 -SIZE (phpMyAdmin-2.11.11-all-languages.tar.bz2) = 3121351 +SHA256 (phpMyAdmin-2.11.11.1-all-languages.tar.bz2) = 736301873ae3d4f9dbfdc5611975d4de33338d509c596053cca16c462229822a +SIZE (phpMyAdmin-2.11.11.1-all-languages.tar.bz2) = 3122604 --- phpmyadmin211.diff ends here --- >Release-Note: >Audit-Trail: >Unformatted: