svn commit: r323835 - in head: databases/phpmyadmin databases/phpmyadmin35 security/vuxml

Matthew Seaman matthew at FreeBSD.org
Sun Jul 28 15:38:46 UTC 2013 

Author: matthew
Date: Sun Jul 28 15:38:44 2013
New Revision: 323835
URL: http://svnweb.freebsd.org/changeset/ports/323835

Log:
  Security update: multiple vulnerabilities in databases/phpmyadmin and
  databases/phpmyadmin35
  
   - update phpmyadmin to 4.0.4.2
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view
  
   - update phpmyadmin35 to 3.5.8.2
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
  
   - vuxml
  
  The PMSA references shown have not been published yet, hence no CVE
  numbers and a lack of detail in the descriptions.  Yes, PMSA-2013-10
  is missing from the sequence.  According to the security alert e-mail:
  
     "For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15 (minus
      PMASA-2013-10 which is reserved for a future advisory)."

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/databases/phpmyadmin35/Makefile
  head/databases/phpmyadmin35/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile
==============================================================================
--- head/databases/phpmyadmin/Makefile	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin/Makefile	Sun Jul 28 15:38:44 2013	(r323835)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.4.1
+DISTVERSION=	4.0.4.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin/distinfo
==============================================================================
--- head/databases/phpmyadmin/distinfo	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin/distinfo	Sun Jul 28 15:38:44 2013	(r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
-SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500
+SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
+SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316

Modified: head/databases/phpmyadmin35/Makefile
==============================================================================
--- head/databases/phpmyadmin35/Makefile	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin35/Makefile	Sun Jul 28 15:38:44 2013	(r323835)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin35
-DISTVERSION=	3.5.8.1
+DISTVERSION=	3.5.8.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION}
 DISTNAME=	${PORTNAME:S/35//}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin35/distinfo
==============================================================================
--- head/databases/phpmyadmin35/distinfo	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/databases/phpmyadmin35/distinfo	Sun Jul 28 15:38:44 2013	(r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6
-SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808
+SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2
+SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sun Jul 28 15:11:44 2013	(r323834)
+++ head/security/vuxml/vuln.xml	Sun Jul 28 15:38:44 2013	(r323835)
@@ -51,6 +51,65 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.0</ge><lt>4.0.4.2</lt></range>
+      </package>
+      <package>
+	<name>phpMyAdmin35</name>
+	<range><ge>3.5</ge><lt>3.5.8.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php">
+	  <p>Self-XSS in "Showing rows." (phpMyAdmin35 only)</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php">
+	  <p>Self-XSS in Display chart.</p>
+	  <p>Stored XSS in Server status monitor.</p>
+	  <p>Stored XSS in navigation panel logo link (phpMyAdmin35 only).</p>
+	  <p>Self-XSS in setup, trusted proxies validation.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php">
+	  <p>Unencoded json object.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php">
+	  <p>Full path disclosure.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php">
+	  <p>Stored XSS in link transformation plugin.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php">
+	  <p>Self-XSS in schema export.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php">
+	  <p>Control user SQL injection in pmd_pdf.php.</p>
+	  <p>Control user SQL injection in schema_export.php.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php</url>
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view</url>
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view</url>
+    </references>
+    <dates>
+      <discovery>2013-07-28</discovery>
+      <entry>2013-07-28</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
     <topic>wordpress -- multiple vulnerabilities</topic>
     <affects>

More information about the svn-ports-head mailing list