Bug 161337 - [maintainer] databases/phpmyadmin security upate to 3.4.6.r1
Summary: [maintainer] databases/phpmyadmin security upate to 3.4.6.r1
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: Doug Barton
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-10-06 16:20 UTC by Matthew Seaman
Modified: 2011-10-07 01:50 UTC (History)
1 user (show)

See Also:

Attachments
phpmyadmin.diff (1.13 KB, patch)
2011-10-06 16:20 UTC, Matthew Seaman 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Seaman 2011-10-06 16:20:06 UTC 
Bugfix and Security update to 3.4.6.r1

From the announce message:

"Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
release containing also fixes for minor security problems.

Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.

Marc Delisle, for the team"

Security Advisories:

PMASA-2011-15
PMASA-2011-16

(These are not published yet...)

ChangeLog:

(http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)

Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.

3.4.6.0 (not yet released)
- patch #3404173 InnoDB comment display with tooltips/aliases
- bug #3404886 [navi] Edit SQL statement after error
- bug #3403165 [interface] Collation not displayed for long enum fields
- bug #3399951 [export] Config for export compression not used
- bug #3400690 [privileges] DB-specific privileges won't submit
- bug #3410604 [config] Configuration storage incorrect suggested table name
- bug #3383572 [interface] Cannot execute saved query
- bug #3411535 [display] Full text button unchecks results display options
- bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
- bug #3411633 [core] Call to undefined function PMA_isSuperuser()
- bug #3413743 [interface] Display options link missing after search
- bug #3324161 [core] CSP policy causing designer JS buttons to fail
- bug #3412862 [relation] Relations/constraints are dropped/created on every change
- bug #3390832 [display] Delete records from last page breaks search
- bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
- bug #3414744 [core] External link fails in 3.4.5
- patch #3314626 [display] CharTextareaRows is not respected
- bug #3417089 [synchronize] Extraneous db choices
- [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
- [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2011-10-06 16:20:17 UTC 
Responsible Changed
From-To: freebsd-ports-bugs->dougb

dougb@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 2 dfilter service freebsd_committer freebsd_triage 2011-10-07 01:45:34 UTC 
dougb       2011-10-07 00:45:24 UTC

  FreeBSD ports repository

  Modified files:
    databases/phpmyadmin Makefile distinfo 
  Log:
  Bugfix and Security update to 3.4.6.r1
  
  From the announce message:
  
  "Welcome to the first release candidate of phpMyAdmin 3.4.6, a bugfix
  release containing also fixes for minor security problems.
  
  Details will appear on http://phpmyadmin.net. In a hurry? you can visit
  http://sourceforge.net/projects/phpmyadmin to download.
  
  Marc Delisle, for the team"
  
  Security Advisories:
  
  PMASA-2011-15
  PMASA-2011-16
  
  (These are not published yet...)
  
  ChangeLog:
  
  (http://sourceforge.net/projects/phpmyadmin/files%2FphpMyAdmin%2F3.4.6-rc1%2FphpMyAdmin-3.4.6-rc1.html/view)
  
  Welcome to the first release candidate for phpMyAdmin 3.4.6, a bugfix release containing also fixes for minor security problems.
  
  3.4.6.0 (not yet released)
  - patch #3404173 InnoDB comment display with tooltips/aliases
  - bug #3404886 [navi] Edit SQL statement after error
  - bug #3403165 [interface] Collation not displayed for long enum fields
  - bug #3399951 [export] Config for export compression not used
  - bug #3400690 [privileges] DB-specific privileges won't submit
  - bug #3410604 [config] Configuration storage incorrect suggested table name
  - bug #3383572 [interface] Cannot execute saved query
  - bug #3411535 [display] Full text button unchecks results display options
  - bug #3411224 [display] Broken binary column when 'Show binary contents' is not set
  - bug #3411633 [core] Call to undefined function PMA_isSuperuser()
  - bug #3413743 [interface] Display options link missing after search
  - bug #3324161 [core] CSP policy causing designer JS buttons to fail
  - bug #3412862 [relation] Relations/constraints are dropped/created on every change
  - bug #3390832 [display] Delete records from last page breaks search
  - bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken
  - bug #3414744 [core] External link fails in 3.4.5
  - patch #3314626 [display] CharTextareaRows is not respected
  - bug #3417089 [synchronize] Extraneous db choices
  - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15
  - [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16
  
  PR:             ports/161337
  Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk> [maintainer]
  
  Revision  Changes    Path
  1.143     +1 -1      ports/databases/phpmyadmin/Makefile
  1.120     +2 -2      ports/databases/phpmyadmin/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 3 Doug Barton freebsd_committer freebsd_triage 2011-10-07 01:45:59 UTC 
State Changed
From-To: open->closed


Committed, thanks!