ports/154696: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3
Matthew Seaman
m.seaman at infracaninophile.co.uk
Fri Feb 11 20:40:05 UTC 2011
>Number: 154696
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin211 -- security update to 2.11.11.3
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Fri Feb 11 20:40:04 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.2-PRERELEASE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #35 r217746M: Sun Jan 23 12:18:14 GMT 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64
>Description:
Security update to 2.11.11.3:
Security advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
Summary
SQL query could be executed under another user.
Description
It was possible to create a bookmark which would be executed unintentionally by other users.
Severity
We consider this vulnerability to be critical.
Mitigation factor
To use this vulnerability, phpMyAdmin configuration storage needs to be set up and enabled and bookmarks function needs to be enabled.
>How-To-Repeat:
>Fix:
--- phpmyadmin211.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin211/Makefile,v
retrieving revision 1.107
diff -u -u -r1.107 Makefile
--- Makefile 9 Feb 2011 14:25:31 -0000 1.107
+++ Makefile 11 Feb 2011 20:35:43 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin211
-DISTVERSION= 2.11.11.2
+DISTVERSION= 2.11.11.3
CATEGORIES= databases www
MASTER_SITES= SF/phpmyadmin/phpMyAdmin/${PORTVERSION}
DISTNAME= ${PORTNAME:S/211//}-${DISTVERSION}-all-languages
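Review bot: The `+DISTVERSION= 2.11.11.3` line is the only Makefile change, and the patch as a whole touches just Makefile and distinfo, so nothing in it records PMASA-2011-2 for users who still have 2.11.11.2 installed. Because this is filed as a security update, consider submitting a matching security/vuxml entry that references the advisory URL alongside this change, so that portaudit flags the old package.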
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin211/distinfo,v
retrieving revision 1.86
diff -u -u -r1.86 distinfo
--- distinfo 9 Feb 2011 14:25:31 -0000 1.86
+++ distinfo 11 Feb 2011 20:35:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = b7bc6525d61841509ff870c4510977f4dadfdb94507e1e58cb33a19945f87e52
-SIZE (phpMyAdmin-2.11.11.2-all-languages.tar.bz2) = 3119454
+SHA256 (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = f51773f0db0f94c3e2dae601ae2b61df5c52fc13c6934779d0f2457186a27fbb
+SIZE (phpMyAdmin-2.11.11.3-all-languages.tar.bz2) = 3118923
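Review bot: The new SHA256 and SIZE lines are the only integrity check the port carries for the 2.11.11.3 tarball, and distinfo values are normally generated from whichever file was fetched from the SF mirror named in MASTER_SITES. Before commit, compare the new SHA256 value against the checksum upstream publishes for phpMyAdmin-2.11.11.3-all-languages.tar.bz2 and note in the PR that it matched.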
--- phpmyadmin211.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: