From: Sergey Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergey Lukin
Subject: [alpine-aports] [PATCH v3.2] main/phpmyadmin: security upgrade to 4.4.15.9 - fixes #6597
Date: Fri, 30 Dec 2016 07:31:31 +0000
Message-Id: <1483083091-694-1-git-send-email-sergej.lukin@gmail.com>

CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852
CVE-2016-9853
CVE-2016-9854
CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856
CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858
CVE-2016-9859
CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL

4.4.15.9 is a minor security upgrade
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/

--- main/phpmyadmin/APKBUILD | 28 ++++++++++++++++++++++++---- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD index 9402810..0ad5c7b 100644 --- a/main/phpmyadmin/APKBUILD +++ b/main/phpmyadmin/APKBUILD @@ -1,7 +1,8 @@ +# Contributor: Sergei Lukin # Contributor: Matt Smith # Maintainer: Matt Smith pkgname=phpmyadmin -pkgver=4.4.15.8 +pkgver=4.4.15.9 pkgrel=0 pkgdesc="A Web-based PHP tool for administering MySQL" url="http://www.phpmyadmin.net/" 
@@ -46,6 +47,25 @@ source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz # - CVE-2016-6631 # - CVE-2016-6632 # - CVE-2016-6633 +# 4.4.15.9-r0: +# - CVE-2016-9847 +# - CVE-2016-9848 +# - CVE-2016-9849 +# - CVE-2016-9850 +# - CVE-2016-9851 +# - CVE-2016-9852 +# - CVE-2016-9853 +# - CVE-2016-9854 +# - CVE-2016-9855 +# - CVE-2016-9856 +# - CVE-2016-9857 +# - CVE-2016-9858 +# - CVE-2016-9859 +# - CVE-2016-9860 +# - CVE-2016-9861 +# - CVE-2016-9864 +# - CVE-2016-9865 +# - CVE-2016-9866 _builddir="$srcdir"/$_fullpkgname prepare() { @@ -103,9 +123,9 @@ doc() { done } -md5sums="f210913879bad1cdbc641ecbfc6c6203 phpMyAdmin-4.4.15.8-all-languages.tar.xz +md5sums="0dc7fc3a5f94d4f784e38cdb4d27c808 phpMyAdmin-4.4.15.9-all-languages.tar.xz 2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf" -sha256sums="aaabba81185da6496eef10eb2ee3fcb47138494bb50ca57a4050ca5a732a67a1 phpMyAdmin-4.4.15.8-all-languages.tar.xz +sha256sums="0d279bd34e542d3cdf5cb37667cc4617f008f39b5eb7d943e9aa739a2ceca174 phpMyAdmin-4.4.15.9-all-languages.tar.xz 4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf" -sha512sums="4f417d8d371975133b76a9b4c4a4e6d31089281e68c9e0df33107c0d343b8d25ebb03f13ed6327a6024283b3de01dc623e080277acbffa41b46a87d00476c23c phpMyAdmin-4.4.15.8-all-languages.tar.xz +sha512sums="2dd5a9fcc777627b9bccad340e4e0d7b7736a6e088a9ce5957f7fc22cef909b4c81467dab359b7b597be7977fac08e4632e6f06fd6743f133a14773de6dda05c phpMyAdmin-4.4.15.9-all-languages.tar.xz c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf" -- 2.4.11 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
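
Review bot: In the first hunk (@@ -1,7 +1,8 @@), the added "# Contributor: Sergei Lukin" line spells the name differently from the From and Cc headers of this mail ("Sergey Lukin"); please use one spelling so the APKBUILD credit matches the commit author. While touching this header, the unchanged url= line still points at http://www.phpmyadmin.net/ although source= in the same file already fetches over https; switching url= to https would be a reasonable follow-up.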
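
Review bot: In the second hunk (@@ -46,6 +47,25 @@), the new "4.4.15.9-r0" comment block goes from CVE-2016-9861 straight to CVE-2016-9864, and the commit message has the same gap, so a reader cannot tell whether CVE-2016-9862 and CVE-2016-9863 were left out on purpose or missed. Please say in the commit message why they are not listed (for example, that they do not apply to this branch, if that is the case), or add them to the block. The message also gives no description for several of the listed IDs (9852 to 9854, 9856, 9858, 9859), and the text after CVE-2016-9860 is a severity remark rather than a description; a one-line summary per ID, or grouping IDs under the shared description, would make the list easier to audit against the upstream announcement.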
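
Review bot: In the last hunk (@@ -103,9 +123,9 @@), the three replaced sums for phpMyAdmin-4.4.15.9-all-languages.tar.xz are the only integrity check the build applies to the upstream tarball, and neither the patch nor the message says how they were produced. Please confirm that the tarball was checked against upstream's published hash or signature before the sums were regenerated (for example with abuild checksum), and note that in the commit message. The md5sums entry is updated together with sha256sums and sha512sums; since MD5 offers no collision resistance, reviewers should compare the sha512sums value when verifying the download and treat the MD5 line as informational only.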