ports/68557: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Jul 1 13:11:15 UTC 2004


>Number:         68557
>Category:       ports
>Synopsis:       [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Jul 01 13:10:18 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 4.10-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 4.10-STABLE FreeBSD 4.10-STABLE #77: Wed Jun 30 12:50:07 BST 2004 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386


	
>Description:

Security patch to version 2.5.7-pl1.  See

    http://sourceforge.net/forum/forum.php?forum_id=387635

    http://www.securityfocus.com/archive/1/367486/2004-06-28/2004-07-04/0

    There is a vulnerability in phpMyAdmin version 2.5.7.
    This vulnerability would allow a remote user to inject
    PHP code to be executed by the eval() function (in file left.php).
    However, this vulnerability only takes effect if the variable
    $cfg['LeftFrameLight'] is set to FALSE (in file config.inc.php).

>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile	Thu Jun 10 09:51:41 2004
+++ phpmyadmin/Makefile	Thu Jul  1 13:50:03 2004
@@ -6,7 +6,8 @@
 #
 
 PORTNAME=	phpMyAdmin
-PORTVERSION=	2.5.7
+PORTVERSION=	2.5.7.1
+DISTNAME=	${PORTNAME}-${PORTVERSION:C/\.(.)$/-pl\1/}
 CATEGORIES=	databases www
 MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
 MASTER_SITE_SUBDIR=	phpmyadmin
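
Review bot: The :C/\.(.)$/-pl\1/ substitution on the new DISTNAME line rewrites whatever single character follows the last dot of PORTVERSION, not only a patch level, so a later bump to an ordinary three-part version (2.5.8, say) would produce phpMyAdmin-2.5-pl8 if this line is left in place. Add a comment above DISTNAME saying it must be dropped when upstream returns to a plain version number, or set the distfile name explicitly for this release.
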
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo	Thu Jun 10 09:51:41 2004
+++ phpmyadmin/distinfo	Thu Jul  1 13:43:54 2004
@@ -1,2 +1,2 @@
-MD5 (phpMyAdmin-2.5.7.tar.bz2) = f0f06811aa4f7c14e053ddd23002f40d
-SIZE (phpMyAdmin-2.5.7.tar.bz2) = 1121972
+MD5 (phpMyAdmin-2.5.7-pl1.tar.bz2) = 93b7c7f3dfcfd6df9c2ea26f31a51772
+SIZE (phpMyAdmin-2.5.7-pl1.tar.bz2) = 1123591
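
Review bot: The replacement MD5 and SIZE lines for phpMyAdmin-2.5.7-pl1.tar.bz2 are the only integrity check on a security update, and the PR does not say what the checksum was compared against. State in the PR whether the MD5 matches a value published by the phpMyAdmin project, so the committer is not relying on a sum generated from one download of the distfile.
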
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
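
The description above says the flaw is reachable only when $cfg['LeftFrameLight'] is FALSE in config.inc.php. The following is an added example, not part of the PR or of phpMyAdmin, showing one way to check an installed configuration for that setting while the update is pending; the function name and the sample file are hypothetical, and it assumes the setting is assigned on a single line outside any /* */ block comment.

```shell
#!/bin/sh
# Added example (not from the PR): report the effective value of
# $cfg['LeftFrameLight'] in a phpMyAdmin config.inc.php.

# left_frame_light FILE -> prints "false", "true" or "unset".
# The last uncommented assignment wins, as it would when PHP runs the file.
# "unset" means the file does not assign the variable at all.
left_frame_light() {
    # Strip // and # line comments, then inspect the assignments.
    sed -e 's|//.*$||' -e 's|#.*$||' "$1" |
    awk '
        # "." stands for the quote character around the array key.
        /\$cfg\[.LeftFrameLight.\][ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop everything up to "="
            sub(/[ \t]*;.*$/, "", v)      # drop ";" and what follows
            v = tolower(v)
            state = (v == "false" || v == "0") ? "false" : "true"
        }
        END { print (state == "" ? "unset" : state) }
    '
}

# Constructed sample configuration (not taken from a real installation).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$cfg['LeftFrameLight']   = TRUE;   // first assignment
// $cfg['LeftFrameLight'] = FALSE;  commented out, ignored
$cfg['LeftFrameLight']   = FALSE;  // later override wins
EOF

result=$(left_frame_light "$sample")
echo "LeftFrameLight: $result"
if [ "$result" = "false" ]; then
    echo "Precondition from the advisory is met; update to 2.5.7-pl1."
fi
rm -f "$sample"
```

A result of "true" or "unset" only describes the configuration file; the port update is still the fix.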


