ports/154696: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Feb 11 20:40:05 UTC 2011


>Number:         154696
>Category:       ports
>Synopsis:       [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Feb 11 20:40:04 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 8.2-PRERELEASE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #35 r217746M: Sun Jan 23 12:18:14 GMT 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64


	
>Description:

Security update to 2.11.11.3:

Security advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php

Summary

SQL query could be executed under another user.

Description

It was possible to create a bookmark which would be executed unintentionally by other users.

Severity

We consider this vulnerability to be critical.

Mitigation factor

To use this vulnerability, phpMyAdmin configuration storage needs to be set up and enabled and bookmarks function needs to be enabled.

>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin211.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin211/Makefile,v
retrieving revision 1.107
diff -u -u -r1.107 Makefile
--- Makefile	9 Feb 2011 14:25:31 -0000	1.107
+++ Makefile	11 Feb 2011 20:35:43 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpMyAdmin211
-DISTVERSION=	2.11.11.2
+DISTVERSION=	2.11.11.3
 CATEGORIES=	databases www
 MASTER_SITES=	SF/phpmyadmin/phpMyAdmin/${PORTVERSION}
 DISTNAME=	${PORTNAME:S/211//}-${DISTVERSION}-all-languages
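Review bot: The DISTVERSION change from 2.11.11.2 to 2.11.11.3 is described as a security update, but the diff touches only Makefile and distinfo, so this change alone gives portaudit users no warning that an installed 2.11.11.2 is affected. Unless it is being submitted separately, add a security/vuxml entry referencing PMASA-2011-2 alongside this bump so hosts still running the old version are flagged.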
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin211/distinfo,v
retrieving revision 1.86
diff -u -u -r1.86 distinfo
--- distinfo	9 Feb 2011 14:25:31 -0000	1.86
+++ distinfo	11 Feb 2011 20:35:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = b7bc6525d61841509ff870c4510977f4dadfdb94507e1e58cb33a19945f87e52
-SIZE (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = 3119454
+SHA256 (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = f51773f0db0f94c3e2dae601ae2b61df5c52fc13c6934779d0f2457186a27fbb
+SIZE (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = 3118923
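Review bot: The new SHA256 on the `+SHA256 (phpMyAdmin-2.11.11.3-all-languages.tar.bz2)` line is the only integrity anchor for the tarball fetched from the SF mirror, and the PR does not say how it was obtained. Before committing, compare it against the checksum or signature published upstream for 2.11.11.3 rather than relying on a value regenerated from whatever the mirror served, and note in the commit log that this was done.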
--- phpmyadmin211.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:


