ports/124900: [maintainer] databases/phpmyadmin -- security update to 2.11.7-rc2
Matthew Seaman
m.seaman at infracaninophile.co.uk
Mon Jun 23 06:20:02 UTC 2008
>Number: 124900
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin -- security update to 2.11.7-rc2
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Mon Jun 23 06:20:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 7.0-STABLE i386
>Organization:
Infracaninophile
>Environment:
System: FreeBSD happy-idiot-talk.infracaninophile.co.uk 7.0-STABLE FreeBSD 7.0-STABLE #39: Thu Jun 19 21:16:44 BST 2008 root at happy-idiot-talk.infracaninophile.co.uk:/usr/obj/usr/src/sys/HAPPY-IDIOT-TALK i386
>Description:
Update to a release candidate version, counter to my usual policy of
just tracking release versions, as there is a security fix included.
The phpMyAdmin project seems to be being a bit coy about releasing an
advisory though:
>From the changelog:
- protection against XSS when register_globals is on and .htaccess
has no effect, thanks to Tim Starling
The Announcement message:
"Welcome to the second release candidate for phpMyAdmin 2.11.7, a
bugfix-only release. This rc contains a security fix; an advisory will
be published in a few days.
Download info available on http://www.phpmyadmin.net.
Marc Delisle, for the team"
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
diff -Nur /usr/ports/databases/phpmyadmin/Makefile phpmyadmin/Makefile
--- /usr/ports/databases/phpmyadmin/Makefile 2008-05-01 14:51:02.000000000 +0100
+++ phpmyadmin/Makefile 2008-06-23 07:04:45.000000000 +0100
@@ -6,11 +6,11 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 2.11.6
+DISTVERSION= 2.11.7-rc2
CATEGORIES= databases www
MASTER_SITES= ${MASTER_SITE_SOURCEFORGE}
MASTER_SITE_SUBDIR= phpmyadmin
-DISTNAME= ${PORTNAME}-${PORTVERSION}-all-languages
+DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
MAINTAINER= m.seaman at infracaninophile.co.uk
COMMENT= A set of PHP-scripts to manage MySQL over the web
diff -Nur /usr/ports/databases/phpmyadmin/distinfo phpmyadmin/distinfo
--- /usr/ports/databases/phpmyadmin/distinfo 2008-05-01 14:51:02.000000000 +0100
+++ phpmyadmin/distinfo 2008-06-23 07:05:22.000000000 +0100
@@ -1,3 +1,3 @@
-MD5 (phpMyAdmin-2.11.6-all-languages.tar.bz2) = 0477a97e80e12c97fef671365db910a5
-SHA256 (phpMyAdmin-2.11.6-all-languages.tar.bz2) = e35e61b9b4fc4545097a18e66c73ee2d189bcb1b97da65ebc7d66584f28f3a90
-SIZE (phpMyAdmin-2.11.6-all-languages.tar.bz2) = 3097302
+MD5 (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = 971e81c9844a456a10a3cf78945ddb13
+SHA256 (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = ae19792ecd5fae360616c7ba59ab33e475109ab764d73edaf19c25df1194951c
+SIZE (phpMyAdmin-2.11.7-rc2-all-languages.tar.bz2) = 3098928
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list