~alpine/aports

v3.4: main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596 v1 PROPOSED

Sergey Lukin: 1
 main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596

 1 files changed, 28 insertions(+), 4 deletions(-)
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git:

curl -s https://lists.alpinelinux.org/~alpine/aports/patches/2749/mbox | git am -3
Learn more about email & git

[alpine-aports] [PATCH v3.4] main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596 Export this patch

CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL

Jumping through 3 versions: 4.6.5, 4.6.5.1, 4.6.5.2
These upgrades do not contain major changes:
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/
---
 main/phpmyadmin/APKBUILD | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index a8cca0f..1fcf6d3 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -1,8 +1,9 @@
# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Matt Smith <mcs@darkregion.net>
# Maintainer: Matt Smith <mcs@darkregion.net>
_php=php5
pkgname=phpmyadmin
pkgver=4.6.4
pkgver=4.6.5.2
pkgrel=0
pkgdesc="A Web-based PHP tool for administering MySQL"
url="http://www.phpmyadmin.net/"
@@ -18,6 +19,29 @@ _fullpkgname=phpMyAdmin-$pkgver-all-languages
source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz
	$pkgname.apache2.conf
	"
# secfixes:
#   4.6.5.2:
#     - CVE-2016-6293
#     - CVE-2016-9847
#     - CVE-2016-9848
#     - CVE-2016-9849
#     - CVE-2016-9850
#     - CVE-2016-9851
#     - CVE-2016-9852
#     - CVE-2016-9853
#     - CVE-2016-9854
#     - CVE-2016-9855
#     - CVE-2016-9856
#     - CVE-2016-9857
#     - CVE-2016-9858
#     - CVE-2016-9859
#     - CVE-2016-9860
#     - CVE-2016-9861
#     - CVE-2016-9862
#     - CVE-2016-9863
#     - CVE-2016-9864
#     - CVE-2016-9865
#     - CVE-2016-9866

_builddir="$srcdir"/$_fullpkgname
prepare() {
@@ -75,9 +99,9 @@ doc() {
	done
}

md5sums="c6314ea1e8652a053bcad62f8ed94682  phpMyAdmin-4.6.4-all-languages.tar.xz
md5sums="54322790e380be0ff036a9a65e507f49  phpMyAdmin-4.6.5.2-all-languages.tar.xz
2d144825122042b4a2536ad789d66e8e  phpmyadmin.apache2.conf"
sha256sums="f2ea32a2971efcab073ad41b6512475af1b6da70cf800a5586a12cf49797d319  phpMyAdmin-4.6.4-all-languages.tar.xz
sha256sums="8cb549c0cd04ecaa3b2a8d9315e7c88528603fa6fe91057b13173f6afba80894  phpMyAdmin-4.6.5.2-all-languages.tar.xz
4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3  phpmyadmin.apache2.conf"
sha512sums="80ee0180c283c6ea139410289f9aa6535077f68812014dd8c7e334bdae0f49171a47b50274172a153d81e5f3145f906fdcda52751ba703fed8158482a924c6b2  phpMyAdmin-4.6.4-all-languages.tar.xz
sha512sums="10fecd5f313b3685b3d4d7c86b20e9466abc54298267f2ed41cf81096fae5bf8472860ac3ebd5ecba8644b43f69eaf944625a8a12beaba637bcefba0940f3a11  phpMyAdmin-4.6.5.2-all-languages.tar.xz
c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105  phpmyadmin.apache2.conf"
-- 
2.8.3



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---