Update to a release candidate version, counter to my usual policy of just tracking release versions, as there is a security fix included. The phpMyAdmin project seems to be being a bit coy about releasing an advisory though: From the changelog: - protection against XSS when register_globals is on and .htaccess has no effect, thanks to Tim Starling The Announcement message: "Welcome to the second release candidate for phpMyAdmin 2.11.7, a bugfix-only release. This rc contains a security fix; an advisory will be published in a few days. Download info available on http://www.phpmyadmin.net. Marc Delisle, for the team"
Responsible Changed From-To: freebsd-ports-bugs->miwi I'll take it.
miwi 2008-06-28 23:39:48 UTC FreeBSD ports repository Modified files: security/vuxml vuln.xml Log: - Document phpmyadmin - Cross Site Scripting Vulnerability PR: 124900 Revision Changes Path 1.1650 +35 -1 ports/security/vuxml/vuln.xml _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
miwi 2008-06-28 23:45:06 UTC FreeBSD ports repository Modified files: databases/phpmyadmin Makefile distinfo Log: - Update to 2.11.7 PR: 124900 Submitted by: Matthew Seaman <m.seaman@infracaninophile.co.uk> (maintainer) Security: http://www.vuxml.org/freebsd/e285a1f4-4568-11dd-ae96-0030843d3802.html Revision Changes Path 1.87 +3 -4 ports/databases/phpmyadmin/Makefile 1.70 +3 -3 ports/databases/phpmyadmin/distinfo _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
State Changed From-To: open->closed Committed. Thanks!