From: Sergey Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergey Lukin
Subject: [alpine-aports] [PATCH v3.4] main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596
Date: Fri, 30 Dec 2016 06:26:55 +0000
Message-Id: <20161230062655.581-1-sergej.lukin@gmail.com>

CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852
CVE-2016-9853
CVE-2016-9854
CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856
CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858
CVE-2016-9859
CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL

Jumping through 3 versions: 4.6.5, 4.6.5.1, 4.6.5.2
These upgrades do not contain major changes:
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/
---
 main/phpmyadmin/APKBUILD | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD index a8cca0f..1fcf6d3 100644 --- a/main/phpmyadmin/APKBUILD +++ b/main/phpmyadmin/APKBUILD
@@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin # Contributor: Matt Smith # Maintainer: Matt Smith _php=php5 pkgname=phpmyadmin -pkgver=4.6.4 +pkgver=4.6.5.2 pkgrel=0 pkgdesc="A Web-based PHP tool for administering MySQL" url="http://www.phpmyadmin.net/" @@ -18,6 +19,29 @@ _fullpkgname=phpMyAdmin-$pkgver-all-languages source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz $pkgname.apache2.conf " +# secfixes: +# 4.6.5.2: +# - CVE-2016-6293 +# - CVE-2016-9847 +# - CVE-2016-9848 +# - CVE-2016-9849 +# - CVE-2016-9850 +# - CVE-2016-9851 +# - CVE-2016-9852 +# - CVE-2016-9853 +# - CVE-2016-9854 +# - CVE-2016-9855 +# - CVE-2016-9856 +# - CVE-2016-9857 +# - CVE-2016-9858 +# - CVE-2016-9859 +# - CVE-2016-9860 +# - CVE-2016-9861 +# - CVE-2016-9862 +# - CVE-2016-9863 +# - CVE-2016-9864 +# - CVE-2016-9865 +# - CVE-2016-9866 _builddir="$srcdir"/$_fullpkgname prepare() { 
@@ -75,9 +99,9 @@ doc() { done } -md5sums="c6314ea1e8652a053bcad62f8ed94682 phpMyAdmin-4.6.4-all-languages.tar.xz +md5sums="54322790e380be0ff036a9a65e507f49 phpMyAdmin-4.6.5.2-all-languages.tar.xz 2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf" -sha256sums="f2ea32a2971efcab073ad41b6512475af1b6da70cf800a5586a12cf49797d319 phpMyAdmin-4.6.4-all-languages.tar.xz +sha256sums="8cb549c0cd04ecaa3b2a8d9315e7c88528603fa6fe91057b13173f6afba80894 phpMyAdmin-4.6.5.2-all-languages.tar.xz 4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf" -sha512sums="80ee0180c283c6ea139410289f9aa6535077f68812014dd8c7e334bdae0f49171a47b50274172a153d81e5f3145f906fdcda52751ba703fed8158482a924c6b2 phpMyAdmin-4.6.4-all-languages.tar.xz +sha512sums="10fecd5f313b3685b3d4d7c86b20e9466abc54298267f2ed41cf81096fae5bf8472860ac3ebd5ecba8644b43f69eaf944625a8a12beaba637bcefba0940f3a11 phpMyAdmin-4.6.5.2-all-languages.tar.xz c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf" -- 2.8.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
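Review bot: In the first hunk (@@ -1,8 +1,9 @@), the added Contributor line spells the name "Sergei Lukin" while the From header of this mail has "Sergey Lukin"; use one spelling so the attribution in the APKBUILD matches the commit author. Leaving pkgrel=0 unchanged is right for a pkgver bump from 4.6.4 to 4.6.5.2.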
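Review bot: In the secfixes block added by the second hunk (@@ -18,6 +19,29 @@), the first entry, CVE-2016-6293, does not appear in the commit message, which lists only CVE-2016-9847 through CVE-2016-9866. Either say in the commit message which upstream fix that entry refers to, or drop it if it is a typo, since tooling that reads secfixes will otherwise report a fix nobody can trace. The key would also be clearer written with the release, 4.6.5.2-r0 to match pkgrel=0, so the entry names the exact package build that carries the fixes.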
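Review bot: In the checksum hunk (@@ -75,9 +99,9 @@), the three new sums for phpMyAdmin-4.6.5.2-all-languages.tar.xz cannot be checked from the patch itself, and the commit message does not say how the tarball was verified. Because this is a security upgrade whose source is fetched from files.phpmyadmin.net, please state in the commit message that the download was checked against the checksum or signature upstream publishes for this release before the sums were regenerated. The md5sums entry is still updated next to sha256sums and sha512sums; it adds no integrity guarantee beyond the SHA-2 sums, so verification should rest on sha512sums.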