svn commit: r323835 - in head: databases/phpmyadmin databases/phpmyadmin35 security/vuxml
Matthew Seaman
matthew at FreeBSD.org
Sun Jul 28 15:38:46 UTC 2013
Author: matthew
Date: Sun Jul 28 15:38:44 2013
New Revision: 323835
URL: http://svnweb.freebsd.org/changeset/ports/323835
Log:
Security update: multiple vulnerabilities in databases/phpmyadmin and
databases/phpmyadmin35
- update phpmyadmin to 4.0.4.2
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view
- update phpmyadmin35 to 3.5.8.2
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view
- vuxml
The PMSA references shown have not been published yet, hence no CVE
numbers and a lack of detail in the descriptions. Yes, PMSA-2013-10
is missing from the sequence. According to the security alert e-mail:
"For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15 (minus
PMASA-2013-10 which is reserved for a future advisory)."
Modified:
head/databases/phpmyadmin/Makefile
head/databases/phpmyadmin/distinfo
head/databases/phpmyadmin35/Makefile
head/databases/phpmyadmin35/distinfo
head/security/vuxml/vuln.xml
Modified: head/databases/phpmyadmin/Makefile
==============================================================================
--- head/databases/phpmyadmin/Makefile Sun Jul 28 15:11:44 2013 (r323834)
+++ head/databases/phpmyadmin/Makefile Sun Jul 28 15:38:44 2013 (r323835)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= phpMyAdmin
-DISTVERSION= 4.0.4.1
+DISTVERSION= 4.0.4.2
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
Modified: head/databases/phpmyadmin/distinfo
==============================================================================
--- head/databases/phpmyadmin/distinfo Sun Jul 28 15:11:44 2013 (r323834)
+++ head/databases/phpmyadmin/distinfo Sun Jul 28 15:38:44 2013 (r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
-SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500
+SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
+SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316
Modified: head/databases/phpmyadmin35/Makefile
==============================================================================
--- head/databases/phpmyadmin35/Makefile Sun Jul 28 15:11:44 2013 (r323834)
+++ head/databases/phpmyadmin35/Makefile Sun Jul 28 15:38:44 2013 (r323835)
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= phpMyAdmin35
-DISTVERSION= 3.5.8.1
+DISTVERSION= 3.5.8.2
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION}
DISTNAME= ${PORTNAME:S/35//}-${DISTVERSION}-all-languages
Modified: head/databases/phpmyadmin35/distinfo
==============================================================================
--- head/databases/phpmyadmin35/distinfo Sun Jul 28 15:11:44 2013 (r323834)
+++ head/databases/phpmyadmin35/distinfo Sun Jul 28 15:38:44 2013 (r323835)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6
-SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808
+SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2
+SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Jul 28 15:11:44 2013 (r323834)
+++ head/security/vuxml/vuln.xml Sun Jul 28 15:38:44 2013 (r323835)
@@ -51,6 +51,65 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
+ <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><ge>4.0</ge><lt>4.0.4.2</lt></range>
+ </package>
+ <package>
+ <name>phpMyAdmin35</name>
+ <range><ge>3.5</ge><lt>3.5.8.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMyAdmin development team reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php">
+ <p>Self-XSS in "Showing rows." (phpMyAdmin35 only)</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php">
+ <p>Self-XSS in Display chart.</p>
+ <p>Stored XSS in Server status monitor.</p>
+ <p>Stored XSS in navigation panel logo link (phpMyAdmin35 only).</p>
+ <p>Self-XSS in setup, trusted proxies validation.</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php">
+ <p>Unencoded json object.</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php">
+ <p>Full path disclosure.</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php">
+ <p>Stored XSS in link transformation plugin.</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php">
+ <p>Self-XSS in schema export.</p>
+ </blockquote>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php">
+ <p>Control user SQL injection in pmd_pdf.php.</p>
+ <p>Control user SQL injection in schema_export.php.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php</url>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php</url>
+ <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view</url>
+ <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view</url>
+ </references>
+ <dates>
+ <discovery>2013-07-28</discovery>
+ <entry>2013-07-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list