Mail archive
alpine-aports

[alpine-aports] [PATCH v3.2] main/phpmyadmin: security upgrade to 4.4.15.9 - fixes #6597

From: Sergey Lukin <sergej.lukin_at_gmail.com>
Date: Fri, 30 Dec 2016 07:31:31 +0000

CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL

4.4.15.9 is a minor security upgrade
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
---
 main/phpmyadmin/APKBUILD | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index 9402810..0ad5c7b 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
_at_@ -1,7 +1,8 @@
+# Contributor: Sergei Lukin <sergej.lukin_at_gmail.com>
 # Contributor: Matt Smith <mcs_at_darkregion.net>
 # Maintainer:  Matt Smith <mcs_at_darkregion.net>
 pkgname=phpmyadmin
-pkgver=4.4.15.8
+pkgver=4.4.15.9
 pkgrel=0
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="http://www.phpmyadmin.net/"
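Review bot: The added Contributor line at the top of this hunk spells the name "Sergei Lukin", while the mail's From header has "Sergey Lukin"; please pick one spelling so attribution in the APKBUILD matches the commit author. Separately, the unchanged url= line still points at http://www.phpmyadmin.net/ although the commit message already links the https:// site; since this file is being touched for a security upgrade, switching url= to https would be a reasonable follow-up.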
_at_@ -46,6 +47,25 @@ source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz
 #    - CVE-2016-6631
 #    - CVE-2016-6632
 #    - CVE-2016-6633
+#  4.4.15.9-r0:
+#    - CVE-2016-9847
+#    - CVE-2016-9848
+#    - CVE-2016-9849
+#    - CVE-2016-9850
+#    - CVE-2016-9851
+#    - CVE-2016-9852
+#    - CVE-2016-9853
+#    - CVE-2016-9854
+#    - CVE-2016-9855
+#    - CVE-2016-9856
+#    - CVE-2016-9857
+#    - CVE-2016-9858
+#    - CVE-2016-9859
+#    - CVE-2016-9860
+#    - CVE-2016-9861
+#    - CVE-2016-9864
+#    - CVE-2016-9865
+#    - CVE-2016-9866
 
 _builddir="$srcdir"/$_fullpkgname
 prepare() {
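Review bot: The new 4.4.15.9-r0 list goes from CVE-2016-9861 straight to CVE-2016-9864, so CVE-2016-9862 and CVE-2016-9863 are absent both here and in the commit message. If they are omitted on purpose (for example because they do not apply to this branch), say so in the commit message; otherwise add them, because this comment block is what records which CVEs the package version fixes. It would also help to confirm that the "#  4.4.15.9-r0:" key matches pkgver-pkgrel exactly, which it does with pkgrel=0 as long as pkgrel is not bumped before merge.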
_at_@ -103,9 +123,9 @@ doc() {
 	done
 }
 
-md5sums="f210913879bad1cdbc641ecbfc6c6203  phpMyAdmin-4.4.15.8-all-languages.tar.xz
+md5sums="0dc7fc3a5f94d4f784e38cdb4d27c808  phpMyAdmin-4.4.15.9-all-languages.tar.xz
 2d144825122042b4a2536ad789d66e8e  phpmyadmin.apache2.conf"
-sha256sums="aaabba81185da6496eef10eb2ee3fcb47138494bb50ca57a4050ca5a732a67a1  phpMyAdmin-4.4.15.8-all-languages.tar.xz
+sha256sums="0d279bd34e542d3cdf5cb37667cc4617f008f39b5eb7d943e9aa739a2ceca174  phpMyAdmin-4.4.15.9-all-languages.tar.xz
 4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3  phpmyadmin.apache2.conf"
-sha512sums="4f417d8d371975133b76a9b4c4a4e6d31089281e68c9e0df33107c0d343b8d25ebb03f13ed6327a6024283b3de01dc623e080277acbffa41b46a87d00476c23c  phpMyAdmin-4.4.15.8-all-languages.tar.xz
+sha512sums="2dd5a9fcc777627b9bccad340e4e0d7b7736a6e088a9ce5957f7fc22cef909b4c81467dab359b7b597be7977fac08e4632e6f06fd6743f133a14773de6dda05c  phpMyAdmin-4.4.15.9-all-languages.tar.xz
 c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105  phpmyadmin.apache2.conf"
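Review bot: The three replaced checksum lines for phpMyAdmin-4.4.15.9-all-languages.tar.xz give no indication of how the tarball was verified before hashing. For a security upgrade, please state in the commit message that the download was checked against the hash or signature published by upstream, and that the sums were regenerated with abuild checksum rather than edited by hand. The md5sums entry adds no integrity value next to sha256sums and sha512sums; keeping it is fine if the tree still expects it, but the sha512 value is the one a reviewer should compare.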
-- 
2.4.11
Received on Fri Dec 30 2016 - 07:31:31 GMT