ports/161337: [maintainer] databases/phpmyadmin security upate to 3.4.6.r1

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu Oct 6 15:20:07 UTC 2011 

>Number:         161337
>Category:       ports
>Synopsis:       [maintainer] databases/phpmyadmin security upate to 3.4.6.r1
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          maintainer-update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Oct 06 15:20:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Matthew Seaman
>Release:        FreeBSD 8.2-STABLE amd64
>Organization:
Infracaninophile
>Environment:
System: FreeBSD lucid-nonsense.infracaninophile.co.uk 8.2-STABLE FreeBSD 8.2-STABLE #3 r226035: Wed Oct 5 14:26:52 BST 2011 root at lucid-nonsense.infracaninophile.co.uk:/usr/obj/usr/src/sys/LUCID-NONSENSE amd64


	
>Description:

Bugfix and Security update to 3.4.6.r1

>From the announce message:

"Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
release containing also fixes for minor security problems.

Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.

Marc Delisle, for the team"

Security Advisories:

PMASA-2011-15
PMASA-2011-16

(These are not published yet...)

ChangeLog:

(http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)

Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.

3.4.6.0 (not yet released)
- patch #3404173 InnoDB comment display with tooltips/aliases
- bug #3404886 [navi] Edit SQL statement after error
- bug #3403165 [interface] Collation not displayed for long enum fields
- bug #3399951 [export] Config for export compression not used
- bug #3400690 [privileges] DB-specific privileges won't submit
- bug #3410604 [config] Configuration storage incorrect suggested table name
- bug #3383572 [interface] Cannot execute saved query
- bug #3411535 [display] Full text button unchecks results display options
- bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
- bug #3411633 [core] Call to undefined function PMA_isSuperuser()
- bug #3413743 [interface] Display options link missing after search
- bug #3324161 [core] CSP policy causing designer JS buttons to fail
- bug #3412862 [relation] Relations/constraints are dropped/created on every change
- bug #3390832 [display] Delete records from last page breaks search
- bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16


>How-To-Repeat:
	
>Fix:

	

--- phpmyadmin.diff begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/Makefile,v
retrieving revision 1.142
diff -u -u -r1.142 Makefile
--- Makefile	14 Sep 2011 23:26:28 -0000	1.142
+++ Makefile	6 Oct 2011 15:09:00 -0000
@@ -6,7 +6,7 @@
 #
 
 PORTNAME=	phpMyAdmin
-DISTVERSION=	3.4.5
+DISTVERSION=	3.4.6-rc1
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/databases/phpmyadmin/distinfo,v
retrieving revision 1.119
diff -u -u -r1.119 distinfo
--- distinfo	14 Sep 2011 23:26:28 -0000	1.119
+++ distinfo	6 Oct 2011 15:09:00 -0000
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.5-all-languages.tar.bz2) = 27917cf2d833c0c8700704c62b28a210f30682dd112e6a0b6fd2db3e6d061051
-SIZE (phpMyAdmin-3.4.5-all-languages.tar.bz2) = 4592593
+SHA256 (phpMyAdmin-3.4.6-rc1-all-languages.tar.bz2) = 55953ee22905c1990887bff698184db72c8ab9974d3987ee81cd43e32b6d2276
+SIZE (phpMyAdmin-3.4.6-rc1-all-languages.tar.bz2) = 4602773
--- phpmyadmin.diff ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list