From: Sergey Lukin
To: alpine-aports@lists.alpinelinux.org
Cc: Sergey Lukin
Subject: [alpine-aports] [PATCH v3.4] main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596
Date: Fri, 30 Dec 2016 07:20:19 +0000
Message-Id: <20161230072019.174-1-sergej.lukin@gmail.com>
X-Mailer: git-send-email 2.8.3
X-Mailinglist: alpine-aports
Precedence: list
List-Id: Alpine Development

CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852
CVE-2016-9853
CVE-2016-9854
CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856
CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858
CVE-2016-9859
CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL

Jumping through 3 versions: 4.6.5, 4.6.5.1, 4.6.5.2
These upgrades do not contain major changes:
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/
---
 main/phpmyadmin/APKBUILD | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)

diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index a8cca0f..742e1af 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin # Contributor: Matt Smith # Maintainer: Matt Smith _php=php5 pkgname=phpmyadmin -pkgver=4.6.4 +pkgver=4.6.5.2 pkgrel=0 pkgdesc="A Web-based PHP tool for administering MySQL" url="http://www.phpmyadmin.net/" @@ -18,6 +19,28 @@ _fullpkgname=phpMyAdmin-$pkgver-all-languages source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz $pkgname.apache2.conf " +# secfixes: +# 4.6.5.2-r0: +# - CVE-2016-9847 +# - CVE-2016-9848 +# - CVE-2016-9849 +# - CVE-2016-9850 +# - CVE-2016-9851 +# - CVE-2016-9852 +# - CVE-2016-9853 +# - CVE-2016-9854 +# - CVE-2016-9855 +# - CVE-2016-9856 +# - CVE-2016-9857 +# - CVE-2016-9858 +# - CVE-2016-9859 +# - CVE-2016-9860 +# - CVE-2016-9861 +# - CVE-2016-9862 +# - CVE-2016-9863 +# - CVE-2016-9864 +# - CVE-2016-9865 +# - CVE-2016-9866 _builddir="$srcdir"/$_fullpkgname prepare() { -- 2.8.3 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---
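
Review bot: the first hunk moves pkgver from 4.6.4 to 4.6.5.2, and source= builds the tarball URL from $pkgver, but no hunk in this patch touches the APKBUILD's checksum variables. The diffstat's 24 insertions and 1 deletion are fully accounted for by the contributor line, the pkgver line and the 22-line secfixes comment, so the recorded checksums still describe the 4.6.4 tarball and the integrity check on the new download cannot pass. Please verify the 4.6.5.2 tarball against upstream, regenerate the checksums (abuild checksum) and include those lines in the patch. Minor: the added contributor line spells the name "Sergei Lukin" while the From header has "Sergey Lukin"; use one spelling.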
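
Review bot: in the secfixes block of the second hunk, the CVE-2016-9860 entry has no usable description anywhere in this mail. The commit message line for it reads "We consider these vulnerabilities to be of moderate severity.", which is a severity statement rather than a summary of the flaw, so a reviewer cannot match that id against the three linked release announcements. Please replace that line in the commit message with the upstream summary for CVE-2016-9860 so all 20 ids listed under 4.6.5.2-r0 can be cross-checked.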