lp:ubuntu/intrepid-updates/phpmyadmin
- Get this branch:
- bzr branch lp:ubuntu/intrepid-updates/phpmyadmin
Recent revisions
- 33. By Marc Deslauriers
-
* SECURITY UPDATE: XSS via a crafted name for a MySQL table (LP: #450505)
  - debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter special
    characters in db_operations.php.
  - CVE-2009-3696
* SECURITY UPDATE: SQL injection via PDF schema generator functionality
  (LP: #450505)
  - debian/patches/047-security-CVE-2009-3696-3697.dpatch: filter and
    escape special characters in pdf_pages.php and pmd_pdf.php.
  - CVE-2009-3697
- 32. By Marc Deslauriers
-
* SECURITY UPDATE: remote code execution via PHP sequences in sort_by
  parameter
  - debian/patches/041-security-CVE-2008-4096.dpatch: add new
    PMA_usort_comparison_callback in libraries/database_interface.lib.php
  - CVE-2008-4096
* SECURITY UPDATE: cross-site scripting via NUL byte
  - debian/patches/042-security-CVE-2008-4326.dpatch: remove NUL bytes
    in libraries/js_escape.lib.php.
  - CVE-2008-4326
* SECURITY UPDATE: cross-site scripting in pmd_pdf.php when
  register_globals is enabled
  - debian/patches/043-security-CVE-2008-4775.dpatch: use
    PMA_generate_common_hidden_inputs in pmd_pdf.php.
  - CVE-2008-4775
* SECURITY UPDATE: code execution via CSRF vulnerability (LP: #306699)
  - debian/patches/044-security-CVE-2008-5621.dpatch: use PMA_backquote
    instead of PMA_sqlAddslashes in libraries/db_table_exists.lib.php.
  - CVE-2008-5621
* SECURITY UPDATE: code injection via multiple cross-site scripting
  vulnerabilities in display_export.lib.php
  - debian/patches/045-security-CVE-2009-1150.dpatch: strip special chars
    in libraries/display_export.lib.php.
  - CVE-2009-1150
* SECURITY UPDATE: code injection from PHP code in a configuration file
  via the save action.
  - debian/patches/046-security-CVE-2009-1151.dpatch: filter $key in
    scripts/setup.php.
  - CVE-2009-1151
- 31. By Thijs Kinkhorst
-
* New upstream release, only changes:
  + Updates Norwegian translation.
  + Fixes PHP notice on every page load.
- 30. By Thijs Kinkhorst
-
* New upstream release.
* Fixes security issue: XSRF/CSRF by manipulating the
  db, convcharset and collation_connection parameters.
- 28. By Thijs Kinkhorst
-
* New upstream release candidate.
  - Fixes an undisclosed security issue, which is most probably
    irrelevant to Debian, but medium urgency just in case.
  - Fixes session hash_bits override (Closes: #474557).
* Checked for policy 3.8.0, add README.source.
- 26. By Emanuele Gentili
-
* SECURITY UPDATE:
  + debian/patches/050_CVE-2008-1149.dpatch
    - Provides unauthorized access, Allows partial confidentiality, integrity, and
      availability violation, Allows unauthorized disclosure of information,
      Allows disruption of service. (LP: #198745)
* References:
  + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
  + http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
* debian/control:
  + updated maintainer field
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/phpmyadmin