svn commit: r320032 - in head: databases/phpmyadmin security/vuxml

Matthew Seaman matthew at FreeBSD.org
Wed Jun 5 22:02:15 UTC 2013 

Author: matthew
Date: Wed Jun  5 22:02:13 2013
New Revision: 320032
URL: http://svnweb.freebsd.org/changeset/ports/320032

Log:
  Security upgrade to 4.0.3
  
  Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
  
  ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.3/phpMyAdmin-4.0.3-notes.html/view
  
  Security:	6b97436c-ce1e-11e2-9cb2-6805ca0b3d42

Modified:
  head/databases/phpmyadmin/Makefile
  head/databases/phpmyadmin/distinfo
  head/security/vuxml/vuln.xml

Modified: head/databases/phpmyadmin/Makefile
==============================================================================
--- head/databases/phpmyadmin/Makefile	Wed Jun  5 22:02:08 2013	(r320031)
+++ head/databases/phpmyadmin/Makefile	Wed Jun  5 22:02:13 2013	(r320032)
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.2
+DISTVERSION=	4.0.3
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages

Modified: head/databases/phpmyadmin/distinfo
==============================================================================
--- head/databases/phpmyadmin/distinfo	Wed Jun  5 22:02:08 2013	(r320031)
+++ head/databases/phpmyadmin/distinfo	Wed Jun  5 22:02:13 2013	(r320032)
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.2-all-languages.tar.xz) = fad443ccfbf40c7e54bc04dde32423b9837a50e54771ff4c424ad31561d1082f
-SIZE (phpMyAdmin-4.0.2-all-languages.tar.xz) = 4360284
+SHA256 (phpMyAdmin-4.0.3-all-languages.tar.xz) = a1e2d663ee8976402dd18818cc8479eb34019a82553df0009af1036e63629a93
+SIZE (phpMyAdmin-4.0.3-all-languages.tar.xz) = 4400480

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Wed Jun  5 22:02:08 2013	(r320031)
+++ head/security/vuxml/vuln.xml	Wed Jun  5 22:02:13 2013	(r320032)
@@ -51,6 +51,37 @@ Note:  Please add new entries to the beg
 
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6b97436c-ce1e-11e2-9cb2-6805ca0b3d42">
+    <topic>phpMyAdmin -- XSS due to unescaped HTML output in Create View page</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.0</ge><lt>4.0.3</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php">
+	  <p>When creating a view with a crafted name and an incorrect
+	  CREATE statement, it is possible to trigger an XSS.</p>
+	  <p>This vulnerability can be triggered only by someone who
+	  logged in to phpMyAdmin, as the usual token protection
+	  prevents non-logged-in users from accessing the required
+	  form.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php</url>
+      <cvename>CVE-2013-3742</cvename>
+    </references>
+    <dates>
+      <discovery>2013-06-05</discovery>
+      <entry>2013-06-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0">
     <topic>telepathy-gabble -- TLS verification bypass</topic>
     <affects>

More information about the svn-ports-head mailing list