lp:ubuntu/intrepid-security/phpmyadmin

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/intrepid-security/phpmyadmin

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

33. By Marc Deslauriers

* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
  - debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter special
    characters in db_operations.php.
  - CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
  (LP: #450505)
  - debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter and
    escape special characters in pdf_pages.php and pmd_pdf.php.
  - CVE-2009-3697

32. By Marc Deslauriers

* SECURITY UPDATE: remote code execution via PHP sequences in sort_by
  parameter
  - debian/patches/041-security-CVE-2008-4096.dpatch: add new
    PMA_usort_comparison_callback in libraries/database_interface.lib.php
  - CVE-2008-4096
* SECURITY UPDATE: cross-site scripting via NUL byte
  - debian/patches/042-security-CVE-2008-4326.dpatch: remove NUL bytes
    in libraries/js_escape.lib.php.
  - CVE-2008-4326
* SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
  register_globals is enabled
  - debian/patches/043-security-CVE-2008-4775.dpatch: use
    PMA_generate_common_hidden_inputs in pmd_pdf.php.
  - CVE-2008-4775
* SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
  - debian/patches/044-security-CVE-2008-5621.dpatch: use PMA_backquote
    instead of PMA_sqlAddslashes in libraries/db_table_exists.lib.php.
  - CVE-2008-5621
* SECURITY UPDATE: code injection via multiple cross-site scripting
  vulnerabilities in display_export.lib.php
  - debian/patches/045-security-CVE-2009-1150.dpatch: strip special chars
    in libraries/display_export.lib.php.
  - CVE-2009-1150
* SECURITY UPDATE: code injection from PHP code in a configuration file
  via the save action.
  - debian/patches/046-security-CVE-2009-1151.dpatch: filter $key in
    scripts/setup.php.
  - CVE-2009-1151

31. By Thijs Kinkhorst

* New upstream release, only changes:
  + Updates Norwegian translation.
  + Fixes PHP notice on every page load.

30. By Thijs Kinkhorst

* New upstream release.
* Fixes security issue: XSRF/CSRF by manipulating the
  db, convcharset and collation_connection parameters.

29. By Thijs Kinkhorst

New upstream release.

28. By Thijs Kinkhorst

* New upstream release candidate.
  - Fixes an undisclosed security issue, which is most probably
    irrelevant to Debian, but medium urgency just in case.
  - Fixes session hash_bits override (Closes: #474557).
* Checked for policy 3.8.0, add README.source.

27. By Thijs Kinkhorst

New upstream bugfix release.

26. By Emanuele Gentili

* SECURITY UPDATE:
 + debian/patches/050_CVE-2008-1149.dpatch
  - Provides unauthorized access, Allows partial confidentiality, integrity, and
    availability violation, Allows unauthorized disclosure of information,
    Allows disruption of service. (LP: #198745)
* References:
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
 + http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
* debian/control:
 + updated maintainer field

25. By Thijs Kinkhorst

New upstream release.

24. By Thijs Kinkhorst

* New upstream release.
* Fixes cross site scripting issue (PMASA-2007-8).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/phpmyadmin
This branch contains Public information 
Everyone can see this information.
