Bug 163290 - [maintainer] databases/phpmyadmin -- security update to 3.4.9.r1
[maintainer] databases/phpmyadmin -- security update to 3.4.9.r1
Status: Closed FIXED
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Latest
Any Any
: Normal Affects Only Me
Assigned To: dougb
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-12-14 17:30 UTC by m.seaman
Modified: 2011-12-16 01:50 UTC (History)
0 users

See Also:


Attachments
phpmyadmin.diff (1.34 KB, patch)
2011-12-14 17:30 UTC, m.seaman
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description m.seaman 2011-12-14 17:30:10 UTC
Yet another update incorporating security fixes.  As has been the
practice recently, this update contains quick reaction patches but the
full details and security advisories (PMASA-2011-19, PMASA-2011-20)
are not yet available.

Announcement message:

"Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix
release with minor security corrections.

Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20 
announcements on http://www.phpmyadmin.net/home_page/security.

Details will appear on http://phpmyadmin.net. In a hurry? you can visit
http://sourceforge.net/projects/phpmyadmin to download.

Marc Delisle, for the team"

ChangeLog:

Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix release 
with minor security corrections.

3.4.9.0 (not yet released)
- bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty (signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19

http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download

While here:

Switch to using lzma compressed tarballs, for a saving of about 1MB
per download.
Comment 1 Edwin Groothuis freebsd_committer 2011-12-14 17:30:23 UTC
Responsible Changed
From-To: freebsd-ports-bugs->dougb

dougb@ wants this port PRs (via the GNATS Auto Assign Tool)
Comment 2 dougb freebsd_committer 2011-12-14 23:27:17 UTC
State Changed
From-To: open->analyzed


Working on testing the new version
Comment 3 dfilter freebsd_committer 2011-12-16 01:44:12 UTC
dougb       2011-12-16 01:43:54 UTC

  FreeBSD ports repository

  Modified files:
    databases/phpmyadmin Makefile distinfo 
  Log:
  "Welcome to the first release candidate for phpMyAdmin 3.4.9, a bugfix
  release with minor security corrections.
  
  Please refer to the upcoming PMASA-2011-19 and PMASA-2011-20
  announcements on http://www.phpmyadmin.net/home_page/security.
  
  Details will appear on http://phpmyadmin.net. In a hurry? you can visit
  http://sourceforge.net/projects/phpmyadmin to download.
  
  Marc Delisle, for the team"
  
  ChangeLog:
  
  3.4.9.0 (not yet released)
  - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown
  - bug #3442004 [interface] DB suggestion not correct for user with underscore
  - bug #3438420 [core] Magic quotes removed in PHP 5.4
  - bug #3398788 [session] No feedback when result is empty (signon auth_type)
  - bug #3384035 [display] Problems regarding ShowTooltipAliasTB
  - bug #3306875 [edit] Can't rename a database that contains views
  - bug #3452506 [edit] Unable to move tables with triggers
  - bug #3449659 [navi] Fast filter broken with table tree
  - bug #3448485 [GUI] Firefox favicon frameset regression
  - [core] Better compatibility with mysql extension
  - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
  - [security] Self-XSS in setup (host parameter), see PMASA-2011-19
  
  http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/3.4.9-rc1/phpMyAdmin-3.4.9-rc1-notes.html/download
  
  For the port:
  
  Switch to using lzma compressed tarballs, for a saving of about 1MB
  per download.
  
  PR:             ports/163290
  Submitted by:   Matthew Seaman <m.seaman@infracaninophile.co.uk>
  
  Revision  Changes    Path
  1.150     +2 -2      ports/databases/phpmyadmin/Makefile
  1.126     +2 -2      ports/databases/phpmyadmin/distinfo
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
Comment 4 dougb freebsd_committer 2011-12-16 01:45:23 UTC
State Changed
From-To: analyzed->closed


Committed, thanks!