Ubuntu
phpmyadmin package

lp:~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1

Precise (12.04)
3.4.11.1-2+deb7u1

Created by Julian Ladisch on 2015-10-16 and last modified on 2015-10-16

Get this branch:: bzr branch lp:~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1

Only Julian Ladisch can upload to this branch. If you are Julian Ladisch please log in for upload directions.

Branch merges

No branches dependent on this one.

Related bugs

Bug #1441568: CVE 2012-1902: Path disclosure due to missing verification of file presence.	Undecided	Expired
Bug #1441587: CVE-2012-4345: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.	Undecided	Fix Released
Bug #1441590: CVE-2014-1879: Self-XSS due to unescaped HTML output in import.	Undecided	Expired

Link a bug report

Related blueprints

Branch information

Owner:: Julian Ladisch

Status:: Development

Recent revisions

77. By Julian Ladisch on 2015-10-16: * Fix security issues:
  - CVE-2014-1879: Self-XSS due to unescaped HTML output in import.
    LP: #1441590
  - CVE-2013-5003: SQL injection vulnerabilities (control user) (3.4.x is not affected).
  - CVE-2013-5002: Self-XSS due in schema export (3.4.x is not affected).
  - CVE-2013-4996: XSS in Logo Link and Trusted Proxy List (3.4.x is not affected).
  - CVE-2013-4995: XSS in HTML Output when executing a SQL query (3.4.x is not affected).
* Fix security issue:
  - CVE-2013-3239: Locally Saved SQL Dump File Multiple File Extension
    Remote Code Execution (3.4.x is not affected).
* New upstream security release.
  - CVE-2012-4345, CVE-2012-4579: Multiple XSS in Table operations,
    Database structure, Trigger and Visualize GIS data pages.
    LP: #1441587
* New upstream release.
* Add alternative dependency to php5-mysqlnd (closes: #665812).
* New upstream release.
  - CVE-2012-1902: Path disclosure due to missing verification of file presence.
    LP: #1441568
* Checked for policy 3.9.3, no changes.
76. By Thijs Kinkhorst on 2012-02-19: * New upstream release.
- Fixes rather hypothetical XSS (CVE-2012-1190).
75. By Thijs Kinkhorst on 2012-02-14: * New upstream release.
+ Fixes ODS import (closes: #593621)
* Update reference to compressed README.Debian (closes: #656664)
74. By Michal Čihař on 2011-12-22: * New upstream release.
+ Fixes XSS: PMASA-2011-19/CVE-2011-4782, PMASA-2011-20/CVE-2011-4780.
* Enable fastcgi-php when installing with lighttpd (LP #852337).
73. By Michal Čihař on 2011-12-02: * New upstream release.
+ Fixes XSS: CVE-2011-4634, PMASA-2011-18.
72. By Michal Čihař on 2011-11-11: * New upstream security release.
+ Fixes local file retrieval: CVE-2011-4107, PMASA-2011-17
71. By Michal Čihař on 2011-11-07: New upstream release.
70. By Thijs Kinkhorst on 2011-10-17: * New upstream security release.
+ Addresses non-issues (for Debian): CVE-2011-3646 CVE-2011-4064
* Cleanup leftover mootools symlinks (closes: #642212).
69. By Thijs Kinkhorst on 2011-09-14: * New upstream release.
* Fixes XSS when in-place editing rows [PMASA-2011-14].
68. By Thijs Kinkhorst on 2011-08-27: * New upstream release.
* Fixes XSS in Tracking [PMASA-2011-13, CVE-2011-3181].

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/wily/phpmyadmin

This branch contains Public information

Everyone can see this information.

Subscribers

Julian Ladisch

Ubuntuphpmyadmin package