[alpine-aports] [PATCH v3.4] main/phpmyadmin: security upgrade to 4.6.5.2 - fixes #6596
Export this patch
CVE-2016-9847: Unsafe generation of blowfish secret
CVE-2016-9848: phpinfo information leak value of sensitive (HttpOnly) cookies
CVE-2016-9849: Username deny rules bypass (AllowRoot & Others) by using Null Byte
CVE-2016-9850: Username rule matching issues
CVE-2016-9851: With a crafted request parameter value it is possible to bypass the logout timeout.
CVE-2016-9852 CVE-2016-9853 CVE-2016-9854 CVE-2016-9855: Multiple full path disclosure vulnerabilities
CVE-2016-9856 CVE-2016-9857: Multiple XSS vulnerabilities
CVE-2016-9858 CVE-2016-9859 CVE-2016-9860: We consider these vulnerabilities to be of moderate severity.
CVE-2016-9861: Bypass white-list protection for URL redirection
CVE-2016-9862: BBCode injection vulnerability
CVE-2016-9863: DOS vulnerability in table partitioning
CVE-2016-9864: Multiple SQL injection vulnerabilities
CVE-2016-9865: Incorrect serialized string parsing
CVE-2016-9866: CSRF token not stripped from the URL
Jumping through 3 versions: 4.6.5, 4.6.5.1, 4.6.5.2
These upgrades do not contain major changes:
https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/
https://www.phpmyadmin.net/news/2016/11/26/phpmyadmin-4651-released/
https://www.phpmyadmin.net/news/2016/12/5/phpmyadmin-4652-released/
---
main/phpmyadmin/APKBUILD | 25 ++++++++++++++++++++++++-
1 file changed, 24 insertions(+), 1 deletion(-)
diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index a8cca0f..742e1af 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -1,8 +1,9 @@
+# Contributor: Sergei Lukin <sergej.lukin@gmail.com>
# Contributor: Matt Smith <mcs@darkregion.net>
# Maintainer: Matt Smith <mcs@darkregion.net>
_php=php5
pkgname=phpmyadmin
-pkgver=4.6.4
+pkgver=4.6.5.2
pkgrel=0
pkgdesc="A Web-based PHP tool for administering MySQL"
url="http://www.phpmyadmin.net/"
@@ -18,6 +19,28 @@ _fullpkgname=phpMyAdmin-$pkgver-all-languages
source="https://files.phpmyadmin.net/phpMyAdmin/$pkgver/$_fullpkgname.tar.xz
$pkgname.apache2.conf
"
+# secfixes:
+# 4.6.5.2-r0:
+# - CVE-2016-9847
+# - CVE-2016-9848
+# - CVE-2016-9849
+# - CVE-2016-9850
+# - CVE-2016-9851
+# - CVE-2016-9852
+# - CVE-2016-9853
+# - CVE-2016-9854
+# - CVE-2016-9855
+# - CVE-2016-9856
+# - CVE-2016-9857
+# - CVE-2016-9858
+# - CVE-2016-9859
+# - CVE-2016-9860
+# - CVE-2016-9861
+# - CVE-2016-9862
+# - CVE-2016-9863
+# - CVE-2016-9864
+# - CVE-2016-9865
+# - CVE-2016-9866
_builddir="$srcdir"/$_fullpkgname
prepare() {
--
2.8.3
---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---