68557 – [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1

Bug 68557 - [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1

Summary: [Maintainer update] databases/phpmyadmin security update to 2.5.7-pl1

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Only Me
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2004-07-01 14:10 UTC by Matthew Seaman
Modified:	2004-07-02 00:51 UTC (History)
CC List:	0 users

See Also:

Attachments
phpmyadmin.diff (863 bytes, patch) 2004-07-01 14:10 UTC, Matthew Seaman	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Seaman 2004-07-01 14:10:18 UTC

Security patch to version 2.5.7-pl1.  See

    http://sourceforge.net/forum/forum.php?forum_id=387635

    http://www.securityfocus.com/archive/1/367486/2004-06-28/2004-07-04/0

    There is a vulnerability in phpMyAdmin version 2.5.7. 
    This vulnerability would allow remote user to inject  
    php codes 
    to be executed by eval() function (in file left.php). 
    However, This vulnerability only effect if variable 
    $cfg['LeftFrameLight'] 
    set to    FALSE (in file config.inc.php)

Comment 1 Pav Lucistnik freebsd_committer

2004-07-02 00:51:21 UTC

State Changed
From-To: open->closed

Committed, thanks!