Merge lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151 into lp:ubuntu/dapper/phpmyadmin

Proposed by Artur Rona
Status: Needs review
Proposed branch: lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151
Merge into: lp:ubuntu/dapper/phpmyadmin
Diff against target: 97 lines (+75/-0)
4 files modified
debian/changelog (+27/-0)
debian/patches/050_CVE-2008-1149.patch (+18/-0)
debian/patches/051_CVE-2009-1151.dpatch (+28/-0)
debian/patches/series (+2/-0)
To merge this branch: bzr merge lp:~ari-tczew/ubuntu/dapper/phpmyadmin/fix-CVE-2009-1151
Reviewer: Jamie Strandboge
Status: Approve
Review via email: mp+23166@code.launchpad.net
Jamie Strandboge (jdstrand) wrote :

Looks like LP was out of date cause it added the previous update to your diff. Looks fine. Thanks!

review: Approve
Jamie Strandboge (jdstrand) wrote :

Actually, the debian/patches/series file is not needed (it was mistakenly added in the last security update). I removed it.

More importantly, because you used a .dpatch extension, the patch didn't apply. I renamed it to use .patch.

Unmerged revisions

10. By Artur Rona

* SECURITY UPDATE: Insufficient output sanitizing when generating
  configuration file (LP: #387215).
  - debian/patches/051_CVE-2009-1151.dpatch: Do not output unescaped
    chars to generated configuration file. Patch from upstream SVN revision
    12301.
  - References:
    + CVE-2009-1151
    + PMASA-2009-3

9. By Emanuele Gentili

* SECURITY UPDATE:
 + debian/patches/050_CVE-2008-1149.patch
  - Provides unauthorized access, Allows partial confidentiality, integrity, and
    availability violation , Allows unauthorized disclosure of information ,
    Allows disruption of service. (LP: #198745)

* References:
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
 + http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2006-04-14 14:47:28 +0000
3+++ debian/changelog 2010-04-11 01:26:15 +0000
4@@ -1,3 +1,30 @@
5+phpmyadmin (4:2.8.0.3-1ubuntu0.2) dapper-security; urgency=low
6+
7+ * SECURITY UPDATE: Insufficient output sanitizing when generating
8+ configuration file (LP: #387215).
9+ - debian/patches/051_CVE-2009-1151.dpatch: Do not output unescaped
10+ chars to generated configuration file. Patch from upstream SVN revision
11+ 12301.
12+ - References:
13+ + CVE-2009-1151
14+ + PMASA-2009-3
15+
16+ -- Artur Rona <ari-tczew@tlen.pl> Sun, 11 Apr 2010 02:16:47 +0200
17+
18+phpmyadmin (4:2.8.0.3-1ubuntu0.1) dapper-security; urgency=low
19+
20+ * SECURITY UPDATE:
21+ + debian/patches/050_CVE-2008-1149.patch
22+ - Provides unauthorized access, Allows partial confidentiality, integrity, and
23+ availability violation , Allows unauthorized disclosure of information ,
24+ Allows disruption of service. (LP: #198745)
25+
26+ * References:
27+ + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
28+ + http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
29+
30+ -- Emanuele Gentili <emgent@emanuele-gentili.com> Fri, 14 Mar 2008 19:22:13 +0100
31+
32 phpmyadmin (4:2.8.0.3-1) unstable; urgency=medium
33
34 * New upstream release.
35
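Review bot: The new 4:2.8.0.3-1ubuntu0.2 entry documents the patch as debian/patches/051_CVE-2009-1151.dpatch, while the 0.1 entry directly below uses the .patch naming (050_CVE-2008-1149.patch). The changelog should name the file exactly as it ships in debian/patches, so settle on one extension and update this line with it. The entry would also be easier to audit if it named the touched file (scripts/setup.php) alongside the upstream SVN revision.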
36=== added file 'debian/patches/050_CVE-2008-1149.patch'
37--- debian/patches/050_CVE-2008-1149.patch 1970-01-01 00:00:00 +0000
38+++ debian/patches/050_CVE-2008-1149.patch 2010-04-11 01:26:15 +0000
39@@ -0,0 +1,18 @@
40+Index: phpMyAdmin-2.8.0.3/libraries/common.lib.php
41+===================================================================
42+--- phpMyAdmin-2.8.0.3.orig/libraries/common.lib.php 2008-03-14 19:20:54.000000000 +0100
43++++ phpMyAdmin-2.8.0.3/libraries/common.lib.php 2008-03-14 19:21:45.000000000 +0100
44+@@ -2714,6 +2714,13 @@
45+ unset($_POST['redirect']);
46+ } // end if (isset($_POST['redirect']))
47+ unset($subform_id, $subform);
48++} else {
49++ // Note: here we overwrite $_REQUEST so that it does not contain cookies,
50++ // because another application for the same domain could have set
51++ // a cookie (with a compatible path) that overrides a variable
52++ // we expect from GET or POST.
53++ // We'll refer to cookies explicitly with the $_COOKIE syntax.
54++ $_REQUEST = array_merge($_GET, $_POST);
55+ } // end if (isset($_POST['usesubform']))
56+ // end check if a subform is submitted
57+
58
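Review bot: The cookie-free rebuild `$_REQUEST = array_merge($_GET, $_POST);` is added only in the else branch of `if (isset($_POST['usesubform']))`, and the hunk does not show what $_REQUEST holds on the subform path. Please confirm that the subform branch also leaves $_REQUEST without cookie values, and say so in the patch description. This patch file also has no header at all (no Description, Origin or Bug line), unlike 051, so a reader cannot trace it back to the upstream change or to LP: #198745 from the file alone.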
59=== added file 'debian/patches/051_CVE-2009-1151.dpatch'
60--- debian/patches/051_CVE-2009-1151.dpatch 1970-01-01 00:00:00 +0000
61+++ debian/patches/051_CVE-2009-1151.dpatch 2010-04-11 01:26:15 +0000
62@@ -0,0 +1,28 @@
63+#! /bin/sh /usr/share/dpatch/dpatch-run
64+## From: Artur Rona <ari-tczew@tlen.pl>
65+## Description: Insufficient output sanitizing when generating configuration file. Do not output unescaped chars to generated configuration file.
66+## Bug: https://launchpad.net/bugs/387215
67+## Origin: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301
68+## Author: Michal Čihař
69+
70+@DPATCH@
71+
72+diff -pruN -x '*~' phpmyadmin-2.8.0.3.orig/scripts/setup.php phpmyadmin-2.8.0.3/scripts/setup.php
73+--- phpmyadmin-2.8.0.3.orig/scripts/setup.php 2006-03-08 20:06:48.000000000 +0100
74++++ phpmyadmin-2.8.0.3/scripts/setup.php 2010-04-11 01:53:55.000000000 +0200
75+@@ -466,6 +466,7 @@ function get_cfg_string($cfg) {
76+ foreach ($c['Servers'] as $cnt => $srv) {
77+ $ret .= "\n/* Server " . get_server_name($srv, $cnt) . " */\n\$i++;\n";
78+ foreach ($srv as $key => $val) {
79++ $key = preg_replace('/[^A-Za-z0-9_]/', '_', $key);
80+ $ret .= get_cfg_val("\$cfg['Servers'][\$i]['$key']", $val);
81+ }
82+ }
83+@@ -474,6 +475,7 @@ function get_cfg_string($cfg) {
84+ unset($c['Servers']);
85+
86+ foreach ($c as $key => $val) {
87++ $key = preg_replace('/[^A-Za-z0-9_]/', '_', $key);
88+ $ret .= get_cfg_val("\$cfg['$key']", $val);
89+ }
90+
91
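Review bot: In get_cfg_string() only `$key` is filtered, but the context line in the first inner hunk also concatenates `get_server_name($srv, $cnt)` into a `/* Server ... */` comment in the generated configuration file, and no escaping of that value is visible here. Please confirm that get_server_name() cannot return a comment terminator and that get_cfg_val() escapes `$val`, or apply an equivalent filter before concatenation. Note also that replacing every character outside `[A-Za-z0-9_]` with `_` can map two distinct keys to the same name, in which case the later assignment silently wins in the generated file. Separately, the file carries a dpatch header (`#! /bin/sh /usr/share/dpatch/dpatch-run`, `@DPATCH@`) while this package lists its patches in debian/patches/series next to a plain .patch file; dropping the dpatch wrapper and using the .patch extension would match 050.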
92=== added file 'debian/patches/series'
93--- debian/patches/series 1970-01-01 00:00:00 +0000
94+++ debian/patches/series 2010-04-11 01:26:15 +0000
95@@ -0,0 +1,2 @@
96+050_CVE-2008-1149.patch
97+051_CVE-2009-1151
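Review bot: The second entry, `051_CVE-2009-1151`, has no extension and does not match the file added in this same diff, debian/patches/051_CVE-2009-1151.dpatch, so a series-driven patch run would not find it. Either the entry should carry the full file name, or, if the package build does not read a series file at all, the file should be dropped from the branch rather than extended.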
