ports/158603: [maintainer] databases/phpmyadmin security update to 3.4.3.1

Sun Jul 3 09:10:10 UTC 2011

>Number:         158603
>Category:       ports
>Synopsis:       [maintainer] databases/phpmyadmin security update to 3.4.3.1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 03 09:10:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #44 r222989: Sat Jun 11 21:09:28 BST 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64


	
>Description:

Security update to version 3.4.3.1

Announce message:

"Welcome to phpMyAdmin 3.4.3.1 and to phpMyAdmin 3.3.10.2, which are
security releases.

Please refer to the upcoming PMASA-2011-5 to PMASA-2011-8 announcements
on http://www.phpmyadmin.net/home_page/security/.

Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.

Marc Delisle, for the team"

Security advisories:

    PMSA-2011-5 -- PMSA-2011-8 should appear at
    http://www.phpmyadmin.net/home_page/security/, but have not yet
    been published.

ChangeLog:

3.4.3.1 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8


>How-To-Repeat:
	
>Fix:

--- phpmyadmin.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.137
diff -u -u -r1.137 Makefile
--- Makefile	28 Jun 2011 07:22:44 -0000	1.137
+++ Makefile	3 Jul 2011 08:47:50 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	3.4.3
+DISTVERSION=	3.4.3.1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${PORTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.114
diff -u -u -r1.114 distinfo
--- distinfo	28 Jun 2011 07:22:44 -0000	1.114
+++ distinfo	3 Jul 2011 08:47:50 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 459343e9823b9b56e3f55e60e5e5ed406b9677cbfa1d1d1f4c1ccfb9855cb51e
-SIZE (phpMyAdmin-3.4.3-all-languages.tar.bz2) = 4924786
+SHA256 (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 138175f19802c5c1c70ceee14b89a86a19ee04917fd7bbd50b17bb200838eb69
+SIZE (phpMyAdmin-3.4.3.1-all-languages.tar.bz2) = 4924615
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

