ports/108014: [maintainer] databases/phpmyadmin security upgrade to 2.9.2
Matthew Seaman
m.seaman at infracaninophile.co.uk
Tue Jan 16 20:40:23 UTC 2007
>Number: 108014
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin security upgrade to 2.9.2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Tue Jan 16 20:40:21 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 6.2-PRERELEASE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 6.2-PRERELEASE FreeBSD 6.2-PRERELEASE #6: Sun Jan 14 11:13:39 GMT 2007 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
This is the final release of version 2.9.2, which is actually unchanged
from the preliminary 2.9.2.rc1 currently in ports. That release was a
fast reaction to the vulnerabilities more fully documented with this
release.
Release Announcement:
phpMyAdmin 2.9.2 - January 16, 2007
======================================
A set of PHP-scripts to administrate MySQL over the Web.
--------------------------------------------------------
Announcement
------------
The phpMyAdmin Project announces the immediate availability
of phpMyAdmin 2.9.2, a bugfix-only release containing security fixes.
See the Security section of phpmyadmin.net for details.
phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the
years, it has become the most popular Web GUI for MySQL.
Fixes
-----
* improved support for web clusters
* deleting a user under MySQL 4.1.x
* DELIMITER in export no longer commented out
* export of query results and procedure definitions
* detection of a binary column
* problem on 64-bit systems
* granting all privileges on a wildcard name
* verification on encrypted zip files
* security fixes
ChangeLog:
https://sourceforge.net/project/shownotes.php?release_id=478992
or
http://www.phpmyadmin.net/ChangeLog.txt
Advisories:
http://www.securityfocus.com/archive/1/453432
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1
http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2
Note: 2.9.2.rc1 is also not vulnerable to the problems covered in
these advisories. 2.9.1.1 and earlier are.
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile Wed Jan 10 18:53:31 2007
+++ phpmyadmin/Makefile Tue Jan 16 20:11:38 2007
@@ -6,11 +6,11 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 2.9.2.r1
+DISTVERSION= 2.9.2
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= phpmyadmin
-DISTNAME= ${PORTNAME}-${PORTVERSION:C/\.r(.)/-rc\1/}-all-languages
+DISTNAME= ${PORTNAME}-${PORTVERSION}-all-languages
MAINTAINER= m.seaman at infracaninophile.co.uk
COMMENT= A set of PHP-scripts to manage MySQL over the web
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo Wed Jan 10 18:53:31 2007
+++ phpmyadmin/distinfo Tue Jan 16 20:15:19 2007
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 86c3f72b2853fb3b50703749af8c42f7
-SHA256 (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = dd10b5f49c0837d7b884fc395176a3b76eef586eb84177d2adc6474b0d9e53a5
-SIZE (phpMyAdmin-2.9.2-rc1-all-languages.tar.bz2) = 2352924
+MD5 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 8d67cab6f93da370929622d0ef96839a
+SHA256 (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 9f53c41d7334e8234654512678a1de7b41f47c9149d2352216dd82cb351269f6
+SIZE (phpMyAdmin-2.9.2-all-languages.tar.bz2) = 2351428
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list