
Accepted phpmyadmin 4:4.6.4+dfsg1-1 (source all) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 17 Aug 2016 10:05:21 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:4.6.4+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:4.6.4+dfsg1-1) unstable; urgency=high
 .
   * Repacked sources to exclude non free sRGB profile.
   * Replace FollowSymLinks with SymLinksIfOwnerMatch in apache configuration.
   * Updated Chinese debconf translations.
   * Better generate blowfish_secret.
   * New upstream release, fixing several security issues:
     - Weaknesses with cookie encryption
       (PMASA-2016-29, CVE-2016-6606)
     - Multiple XSS vulnerabilities
       (PMASA-2016-30, CVE-2016-6607)
     - Multiple XSS vulnerabilities
       (PMASA-2016-31, CVE-2016-6608)
     - PHP code injection
       (PMASA-2016-32, CVE-2016-6609)
     - Full path disclosure
       (PMASA-2016-33, CVE-2016-6610)
     - SQL injection attack
       (PMASA-2016-34, CVE-2016-6611)
     - Local file exposure through LOAD DATA LOCAL INFILE
       (PMASA-2016-35, CVE-2016-6612)
     - Local file exposure through symlinks with UploadDir
       (PMASA-2016-36, CVE-2016-6613)
     - Path traversal with SaveDir and UploadDir
       (PMASA-2016-37, CVE-2016-6614)
     - Multiple XSS vulnerabilities
       (PMASA-2016-38, CVE-2016-6615)
     - SQL injection vulnerability as control user
       (PMASA-2016-39, CVE-2016-6616)
     - SQL injection vulnerability
       (PMASA-2016-40, CVE-2016-6617)
     - Denial-of-service attack through transformation feature
       (PMASA-2016-41, CVE-2016-6618)
     - SQL injection vulnerability as control user
       (PMASA-2016-42, CVE-2016-6619)
     - Verify data before unserializing
       (PMASA-2016-43, CVE-2016-6620)
     - SSRF in setup script
       (PMASA-2016-44, CVE-2016-6621)
     - Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and
     persistent connections
       (PMASA-2016-45, CVE-2016-6622)
     - Denial-of-service attack by using for loops
       (PMASA-2016-46, CVE-2016-6623)
     - Possible circumvention of IP-based allow/deny rules with IPv6 and proxy
     server
       (PMASA-2016-47, CVE-2016-6624)
     - Detect if user is logged in
       (PMASA-2016-48, CVE-2016-6625)
     - Bypass URL redirection protection
       (PMASA-2016-49, CVE-2016-6626)
     - Referrer leak
       (PMASA-2016-50, CVE-2016-6627)
     - Reflected File Download
       (PMASA-2016-51, CVE-2016-6628)
     - ArbitraryServerRegexp bypass
       (PMASA-2016-52, CVE-2016-6629)
     - Denial-of-service attack by entering long password
       (PMASA-2016-53, CVE-2016-6630)
     - Remote code execution vulnerability when running as CGI
       (PMASA-2016-54, CVE-2016-6631)
     - Denial-of-service attack when PHP uses dbase extension
       (PMASA-2016-55, CVE-2016-6632)
     - Remote code execution vulnerability when PHP uses dbase extension
       (PMASA-2016-56, CVE-2016-6633)
Checksums-Sha1:
 5b146f0d37a0fe6c8631235d185b9e0667d6800c 1943 phpmyadmin_4.6.4+dfsg1-1.dsc
 46ada4875a977e9d3fc17fb63908ea0500182fb9 6224348 phpmyadmin_4.6.4+dfsg1.orig.tar.xz
 60b52e26f7f5da8842408e42b50fe2d036390a25 78764 phpmyadmin_4.6.4+dfsg1-1.debian.tar.xz
 539816c15ea36ec37cc35e2b6145ed060d71479d 3870594 phpmyadmin_4.6.4+dfsg1-1_all.deb
Checksums-Sha256:
 b0a70dd4d8d9626c8f0dc201aeb22849e4437679d875234a9a1482497cd54e8d 1943 phpmyadmin_4.6.4+dfsg1-1.dsc
 9397b1e53e0fc070827707845ae45d37af67fe85f840a1d898f69518d9b29070 6224348 phpmyadmin_4.6.4+dfsg1.orig.tar.xz
 f804b8304dfb54a6e000f3ab64f2d518586150994bd658f720bb71cc29b2b46d 78764 phpmyadmin_4.6.4+dfsg1-1.debian.tar.xz
 4733cd267c629805b2b2d630c7d33fad7035e468c7314b3c505a9e81cf34dd21 3870594 phpmyadmin_4.6.4+dfsg1-1_all.deb
Files:
 aea5aec1eac43648607be034bec29310 1943 web extra phpmyadmin_4.6.4+dfsg1-1.dsc
 ab4b4c687d2e61bd17c37979e8e402ec 6224348 web extra phpmyadmin_4.6.4+dfsg1.orig.tar.xz
 3d270735caeb5473d621b674c5d715bc 78764 web extra phpmyadmin_4.6.4+dfsg1-1.debian.tar.xz
 52609e12303c3d9630c8a1bba943cdf9 3870594 web extra phpmyadmin_4.6.4+dfsg1-1_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----