Commit 20a1d824 authored by matthew's avatar matthew
Browse files

Security update: multiple vulnerabilities in databases/phpmyadmin and

databases/phpmyadmin35

 - update phpmyadmin to 4.0.4.2

ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view

 - update phpmyadmin35 to 3.5.8.2

ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view

 - vuxml

The PMSA references shown have not been published yet, hence no CVE
numbers and a lack of detail in the descriptions.  Yes, PMSA-2013-10
is missing from the sequence.  According to the security alert e-mail:

   "For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15 (minus
    PMASA-2013-10 which is reserved for a future advisory)."
parent 15eec41f
......@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= phpMyAdmin
DISTVERSION= 4.0.4.1
DISTVERSION= 4.0.4.2
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
......
SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500
SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316
......@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= phpMyAdmin35
DISTVERSION= 3.5.8.1
DISTVERSION= 3.5.8.2
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION}
DISTNAME= ${PORTNAME:S/35//}-${DISTVERSION}-all-languages
......
SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6
SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808
SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2
SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436
......@@ -51,6 +51,65 @@ Note: Please add new entries to the beginning of this file.
 
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
<topic>phpMyAdmin -- multiple vulnerabilities</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.0</ge><lt>4.0.4.2</lt></range>
</package>
<package>
<name>phpMyAdmin35</name>
<range><ge>3.5</ge><lt>3.5.8.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php">
<p>Self-XSS in "Showing rows." (phpMyAdmin35 only)</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php">
<p>Self-XSS in Display chart.</p>
<p>Stored XSS in Server status monitor.</p>
<p>Stored XSS in navigation panel logo link (phpMyAdmin35 only).</p>
<p>Self-XSS in setup, trusted proxies validation.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php">
<p>Unencoded json object.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php">
<p>Full path disclosure.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php">
<p>Stored XSS in link transformation plugin.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php">
<p>Self-XSS in schema export.</p>
</blockquote>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php">
<p>Control user SQL injection in pmd_pdf.php.</p>
<p>Control user SQL injection in schema_export.php.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php</url>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php</url>
<url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view</url>
<url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view</url>
</references>
<dates>
<discovery>2013-07-28</discovery>
<entry>2013-07-28</entry>
</dates>
</vuln>
<vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment