Fwd: [Phpmyadmin-users] phpMyAdmin security alert (PMASA-2012-5)

Chris Rees utisoft at gmail.com
Tue Sep 25 15:34:26 UTC 2012


On 25 Sep 2012 15:37, "Matthew Seaman" <matthew at freebsd.org> wrote:
>
>
> Dear all,
>
> If you install phpMyAdmin from ports, you shouldn't be vulnerable to the
> security problem described in PMASA-2012-5:
>
>    Firstly, the ports checks the SHA256 checksum of distributed
>    tarballs, which should prevent this sort of tampering.
>
>    Secondly, the distfile the port uses is
>        phpMyAdmin-3.5.2.2-all-languages.tar.xz
>    not the .zip -- and so far only the .zip is known to have been
>    compromised.
>
> However, if you should see distfile checksum warnings when trying to
> install phpMyAdmin please do let me know about it, if possible including
> which sourceforge mirror you downloaded from and when.  I hope it is
> needless to say this, but if the SHA256 checksum doesn't match then
> *don't install*.

This is exactly the reason distinfo changes should be suspected and be
accompanied by an explanation/diff.

Thanks for sharing :)

Chris
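
An added illustration of the checks discussed in this thread (not code from the ports tree or from either poster): it parses distinfo-style SHA256/SIZE lines, refuses a distfile unless both match, and lists filenames whose recorded hash changed between two distinfo versions. The helper names and the sample bytes are constructed for this example; only the distfile name comes from the message above.

```python
import hashlib
import re

# distinfo lines look like "SHA256 (name) = hex" and "SIZE (name) = bytes"
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")

def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if m:  # any other line is ignored
            kind, name, value = m.groups()
            value = int(value) if kind == "SIZE" else value.lower()
            entries.setdefault(name, {})[kind] = value
    return entries

def verify_distfile(name, data, distinfo):
    """Fail closed: True only if name is listed and SIZE and SHA256 both match."""
    want = distinfo.get(name)
    if not want or "SHA256" not in want or "SIZE" not in want:
        return False
    if len(data) != want["SIZE"]:
        return False
    return hashlib.sha256(data).hexdigest() == want["SHA256"]

def rerolled(old, new):
    """Filenames listed in both distinfo versions whose SHA256 or SIZE differs.
    A new release normally brings a new filename; the same name with a new
    hash means the file changed in place and the change needs an explanation."""
    return sorted(n for n in old.keys() & new.keys() if old[n] != new[n])

# Constructed sample data: these bytes stand in for a real tarball.
GOOD = b"constructed stand-in for the release tarball\n"
TAMPERED = GOOD + b"one extra file\n"
NAME = "phpMyAdmin-3.5.2.2-all-languages.tar.xz"
DISTINFO = "SHA256 (%s) = %s\nSIZE (%s) = %d\n" % (
    NAME, hashlib.sha256(GOOD).hexdigest(), NAME, len(GOOD))

if __name__ == "__main__":
    info = parse_distinfo(DISTINFO)
    print("good:", verify_distfile(NAME, GOOD, info))
    print("tampered:", verify_distfile(NAME, TAMPERED, info))
```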

