Security update: multiple vulnerabilities in databases/phpmyadmin and

databases/phpmyadmin35 - update phpmyadmin to 4.0.4.2 ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view - update phpmyadmin35 to 3.5.8.2 ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view - vuxml The PMSA references shown have not been published yet, hence no CVE numbers and a lack of detail in the descriptions. Yes, PMSA-2013-10 is missing from the sequence. According to the security alert e-mail: "For more details, see the upcoming PMASA-2013-8 to PMASA-2013-15 (minus PMASA-2013-10 which is reserved for a future advisory)."
svn path=/head/; revision=323835
2013-07-28 15:38:44 +00:00 · 2013-07-28 15:38:44 +00:00 · 87373d972a · 2021-03-31 03:12:20 +00:00
commit 87373d972a
parent db0618a912
5 changed files with 65 additions and 6 deletions
--- a/databases/phpmyadmin/Makefile
+++ b/databases/phpmyadmin/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	phpMyAdmin
-DISTVERSION=	4.0.4.1
+DISTVERSION=	4.0.4.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
 DISTNAME=	${PORTNAME}-${DISTVERSION}-all-languages
--- a/databases/phpmyadmin/distinfo
+++ b/databases/phpmyadmin/distinfo
@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = da15749b29d2a3011f9ad83e035f7d8a4f478a0b14179b1d3ea9441e8739c6bb
-SIZE (phpMyAdmin-4.0.4.1-all-languages.tar.xz) = 4411500
+SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
+SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316
--- a/databases/phpmyadmin35/Makefile
+++ b/databases/phpmyadmin35/Makefile
@ -2,7 +2,7 @@
 # $FreeBSD$

 PORTNAME=	phpMyAdmin35
-DISTVERSION=	3.5.8.1
+DISTVERSION=	3.5.8.2
 CATEGORIES=	databases www
 MASTER_SITES=	SF/${PORTNAME:L:S/35//}/${PORTNAME:S/35//}/${DISTVERSION}
 DISTNAME=	${PORTNAME:S/35//}-${DISTVERSION}-all-languages
--- a/databases/phpmyadmin35/distinfo
+++ b/databases/phpmyadmin35/distinfo
@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6
-SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808
+SHA256 (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = fe9d4a6d25a953f291db171441314c31d3976f7d85296ceec26b1bb5ee84afe2
+SIZE (phpMyAdmin-3.5.8.2-all-languages.tar.xz) = 3743436
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -51,6 +51,65 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="f4a0212f-f797-11e2-9bb9-6805ca0b3d42">
+    <topic>phpMyAdmin -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>phpMyAdmin</name>
+	<range><ge>4.0</ge><lt>4.0.4.2</lt></range>
+      </package>
+      <package>
+	<name>phpMyAdmin35</name>
+	<range><ge>3.5</ge><lt>3.5.8.2</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The phpMyAdmin development team reports:</p>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php">
+	  <p>Self-XSS in "Showing rows." (phpMyAdmin35 only)</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php">
+	  <p>Self-XSS in Display chart.</p>
+	  <p>Stored XSS in Server status monitor.</p>
+	  <p>Stored XSS in navigation panel logo link (phpMyAdmin35 only).</p>
+	  <p>Self-XSS in setup, trusted proxies validation.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php">
+	  <p>Unencoded json object.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php">
+	  <p>Full path disclosure.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php">
+	  <p>Stored XSS in link transformation plugin.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php">
+	  <p>Self-XSS in schema export.</p>
+	</blockquote>
+	<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php">
+	  <p>Control user SQL injection in pmd_pdf.php.</p>
+	  <p>Control user SQL injection in schema_export.php.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php</url>
+      <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php</url>
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.4.2/phpMyAdmin-4.0.4.2-notes.html/view</url>
+      <url>http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.5.8.2/phpMyAdmin-3.5.8.2-notes.html/view</url>
+    </references>
+    <dates>
+      <discovery>2013-07-28</discovery>
+      <entry>2013-07-28</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="049332d2-f6e1-11e2-82f3-000c29ee3065">
    <topic>wordpress -- multiple vulnerabilities</topic>
    <affects>