Security upgrade to 4.0.3

Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php

ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.3/phpMyAdmin-4.0.3-notes.html/view

Security:	6b97436c-ce1e-11e2-9cb2-6805ca0b3d42
Matthew Seaman 2013-06-05 22:02:13 +00:00
parent 3d417416bf
commit e9dd2fa24f
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=320032
3 changed files with 34 additions and 3 deletions

@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= phpMyAdmin
DISTVERSION= 4.0.2
DISTVERSION= 4.0.3
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages

@ -1,2 +1,2 @@
SHA256 (phpMyAdmin-4.0.2-all-languages.tar.xz) = fad443ccfbf40c7e54bc04dde32423b9837a50e54771ff4c424ad31561d1082f
SIZE (phpMyAdmin-4.0.2-all-languages.tar.xz) = 4360284
SHA256 (phpMyAdmin-4.0.3-all-languages.tar.xz) = a1e2d663ee8976402dd18818cc8479eb34019a82553df0009af1036e63629a93
SIZE (phpMyAdmin-4.0.3-all-languages.tar.xz) = 4400480
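
Review bot: the new SHA256 and SIZE lines for phpMyAdmin-4.0.3-all-languages.tar.xz are the only integrity check on a tarball that the Makefile fetches from SF mirrors, and the commit message does not record how the values were obtained. For a security update, confirm the hash against a checksum or signature published by upstream, if one is available, rather than against the file as downloaded from a single mirror, and note that in the log.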

@ -51,6 +51,37 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="6b97436c-ce1e-11e2-9cb2-6805ca0b3d42">
<topic>phpMyAdmin -- XSS due to unescaped HTML output in Create View page</topic>
<affects>
<package>
<name>phpMyAdmin</name>
<range><ge>4.0</ge><lt>4.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The phpMyAdmin development team reports:</p>
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php">
<p>When creating a view with a crafted name and an incorrect
CREATE statement, it is possible to trigger an XSS.</p>
<p>This vulnerability can be triggered only by someone who
logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required
form.</p>
</blockquote>
</body>
</description>
<references>
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php</url>
<cvename>CVE-2013-3742</cvename>
</references>
<dates>
<discovery>2013-06-05</discovery>
<entry>2013-06-05</entry>
</dates>
</vuln>
<vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0">
<topic>telepathy-gabble -- TLS verification bypass</topic>
<affects>
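
Review bot: in the new phpMyAdmin entry, the bounds in `<range><ge>4.0</ge><lt>4.0.3</lt></range>` are not supported by anything in the quoted advisory text. The two blockquoted paragraphs describe the trigger and the login requirement, but not which releases are affected. Consider quoting the advisory's affected-versions statement in the blockquote as well, so the range can be checked from the entry itself. Separately, `<discovery>` and `<entry>` both read 2013-06-05. Please confirm that the discovery date is the upstream disclosure date and not a copy of the entry date.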