From the announce message:
"Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
release containing also fixes for minor security problems.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team"
Security Advisories:
PMASA-2011-15
PMASA-2011-16
(These are not published yet...)
ChangeLog:
(http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)
Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.
3.4.6.0 (not yet released)
- patch #3404173 InnoDB comment display with tooltips/aliases
- bug #3404886 [navi] Edit SQL statement after error
- bug #3403165 [interface] Collation not displayed for long enum fields
- bug #3399951 [export] Config for export compression not used
- bug #3400690 [privileges] DB-specific privileges won't submit
- bug #3410604 [config] Configuration storage incorrect suggested table name
- bug #3383572 [interface] Cannot execute saved query
- bug #3411535 [display] Full text button unchecks results display options
- bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
- bug #3411633 [core] Call to undefined function PMA_isSuperuser()
- bug #3413743 [interface] Display options link missing after search
- bug #3324161 [core] CSP policy causing designer JS buttons to fail
- bug #3412862 [relation] Relations/constraints are dropped/created on every change
- bug #3390832 [display] Delete records from last page breaks search
- bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
PR: ports/161337
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> [maintainer]
http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
Announcement-ID: PMASA-2011-2
Date: 2011-02-11
Summary
SQL query could be executed under another user.
Description
It was possible to create a bookmark which would be executed
unintentionally by other users.
Severity
We consider this vulnerability to be critical.
PR: ports/154695
Submitted by: me
Approved by: maintainer
Changes:
- bug #3059311 [import] BIGINT field type added to table analysis
- [core] Update library PHPExcel to version 1.7.4
- bug #3062455 [core] copy procedures and routines before tables
- bug #3062455 [export] with SQL, export procedures and routines before tables
- bug #3056023 [import] USE query not working
- bug #3038193 [display] Error when editing row with GEOMETRY column
- bug #3062454 [interface] Display routines/events also when no tables are
defined
- support ARIA storage engine as well as its previous name MARIA
PR: ports/151738
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
Approved by: pgollucci (mentor, implicit)
- Use USERS and GROUPS functionality , instead of supplying pkg-install
- Drop some warnings about changes that happened a long time ago now.
PR: 141801
Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer)
