ports/158603: [maintainer] databases/phpmyadmin security update to 3.4.3.1
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun Jul 3 09:10:10 UTC 2011
>Number: 158603
>Category: ports
>Synopsis: [maintainer] databases/phpmyadmin security update to 3.4.3.1
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: maintainer-update
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 03 09:10:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Matthew Seaman
>Release: FreeBSD 8.2-STABLE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #44 r222989: Sat Jun 11 21:09:28 BST 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64
>Description:
Security update to version 3.4.3.1
Announce message:
"Welcome to phpMyAdmin 3.4.3.1 and to phpMyAdmin 3.3.10.2, which are
security releases.
Please refer to the upcoming PMASA-2011-5 to PMASA-2011-8 announcements
on http://www.phpmyadmin.net/home_page/security/.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
Security advisories:
PMSA-2011-5 -- PMSA-2011-8 should appear at
http://www.phpmyadmin.net/home_page/security/, but have not yet
been published.
ChangeLog:
3.4.3.1 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
>How-To-Repeat:
>Fix:
--- phpmyadmin.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.137
diff -u -u -r1.137 Makefile
--- Makefile 28 Jun 2011 07:22:44 -0000 1.137
+++ Makefile 3 Jul 2011 08:47:50 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 3.4.3
+DISTVERSION= 3.4.3.1
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${PORTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.114
diff -u -u -r1.114 distinfo
--- distinfo 28 Jun 2011 07:22:44 -0000 1.114
+++ distinfo 3 Jul 2011 08:47:50 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 459343e9823b9b56e3f55e60e5e5ed406b9677cbfa1d1d1f4c1ccfb9855cb51e
-SIZE (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 4924786
+SHA256 (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 138175f19802c5c1c70ceee14b89a86a19ee04917fd7bbd50b17bb200838eb69
+SIZE (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 4924615
--- phpmyadmin.diff ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list