ports/68557: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Jul 1 13:11:15 UTC 2004
>Number: 68557
>Category: ports
>Synopsis: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Thu Jul 01 13:10:18 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 4.10-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.10-STABLE FreeBSD 4.10-STABLE #77: Wed Jun 30 12:50:07 BST 2004 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
Security patch to version 2.5.7-pl1. See
http://sourceforge.net/forum/forum.php?forum_id=387635
http://www.securityfocus.com/archive/1/367486/2004-06-28/2004-07-04/0
There is a vulnerability in phpMyAdmin version 2.5.7.
This vulnerability would allow a remote user to inject
PHP code to be executed by the eval() function (in file left.php).
However, this vulnerability only takes effect if the variable
$cfg['LeftFrameLight'] is set to FALSE (in file config.inc.php).
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile Thu Jun 10 09:51:41 2004
+++ phpmyadmin/Makefile Thu Jul 1 13:50:03 2004
@@ -6,7 +6,8 @@
#
PORTNAME= phpMyAdmin
-PORTVERSION= 2.5.7
+PORTVERSION= 2.5.7.1
+DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.(.)$/-pl\1/}
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= phpmyadmin
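Review bot: The pattern in the new DISTNAME line, `\.(.)$`, matches any trailing dot followed by a single character, so it is not limited to a fourth "patch level" component. With the current PORTVERSION of 2.5.7.1 it yields the intended phpMyAdmin-2.5.7-pl1, but a later ordinary release such as 2.5.8 would be rewritten to 2.5-pl8, and a two-digit patch level would not match at all and would leave DISTNAME without the -pl suffix. Either add a comment above DISTNAME saying it must be removed on the next non-patch-level release, or tighten the expression so it only fires when there are four numeric components and accepts more than one digit in the last one.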
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo Thu Jun 10 09:51:41 2004
+++ phpmyadmin/distinfo Thu Jul 1 13:43:54 2004
@@ -1,2 +1,2 @@
-MD5 (phpMyAdmin-2.5.7.tar.bz2) = f0f06811aa4f7c14e053ddd23002f40d
-SIZE (phpMyAdmin-2.5.7.tar.bz2) = 1121972
+MD5 (phpMyAdmin-2.5.7-pl1.tar.bz2) = 93b7c7f3dfcfd6df9c2ea26f31a51772
+SIZE (phpMyAdmin-2.5.7-pl1.tar.bz2) = 1123591
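Review bot: The new MD5 and SIZE lines for phpMyAdmin-2.5.7-pl1.tar.bz2 are the only integrity check on the distfile that carries this security fix, and nothing in the PR says where the values came from. Please state in the PR how they were obtained (for example, regenerated from a tarball fetched from the SourceForge master site and compared against a second mirror), so the committer can confirm that 93b7c7f3dfcfd6df9c2ea26f31a51772 and 1123591 match the upstream release before this goes in.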
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: