Accepted phpmyadmin 4:4.6.5.1-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 28 Nov 2016 10:22:19 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source
Version: 4:4.6.5.1-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:4.6.5.1-1) unstable; urgency=high
 .
   * New upstream release, fixing several security issues:
     - Unsafe generation of $cfg['blowfish_secret']
       (PMASA-2016-58)
     - phpMyAdmin's phpinfo functionality is removed
       (PMASA-2016-59)
     - AllowRoot and allow/deny rule bypass with specially-crafted username
       (PMASA-2016-60)
     - Username matching weaknesses with allow/deny rules
       (PMASA-2016-61)
     - Possible to bypass logout timeout
       (PMASA-2016-62)
     - Full path disclosure (FPD) weaknesses
       (PMASA-2016-63)
     - Multiple XSS weaknesses
       (PMASA-2016-64)
     - Multiple denial-of-service (DOS) vulnerabilities
       (PMASA-2016-65)
     - Possible to bypass white-list protection for URL redirection
       (PMASA-2016-66)
     - BBCode injection to login page
       (PMASA-2016-67)
     - Denial-of-service (DOS) vulnerability in table partitioning
       (PMASA-2016-68)
     - Multiple SQL injection vulnerabilities
       (PMASA-2016-69)
     - Incorrect serialized string parsing
       (PMASA-2016-70)
     - CSRF token not stripped from the URL
       (PMASA-2016-71)
Checksums-Sha1:
 baf22e494993bba740132223ffb9893e0e97eeb7 1948 phpmyadmin_4.6.5.1-1.dsc
 42c375cd64ac4eebb79ca28c9dbb7622e054919b 6162164 phpmyadmin_4.6.5.1.orig.tar.xz
 8dd33da4461dc86b77ff07246379e7c8f57fb44f 79324 phpmyadmin_4.6.5.1-1.debian.tar.xz
Checksums-Sha256:
 75694ace1fdb75c65140b6e364d02f1b914f0ee3d03f1229818cba4d89746495 1948 phpmyadmin_4.6.5.1-1.dsc
 e163b08b6d1137fd7c48ea97e8e53be415b1937f5e5f7e070936a60c3b9a3df0 6162164 phpmyadmin_4.6.5.1.orig.tar.xz
 4e8da8b2b2899c4d5096f4fee6e7101b0536e5bcc8768253da555b842f491e34 79324 phpmyadmin_4.6.5.1-1.debian.tar.xz
Files:
 95eadaadacf424779141dfcb11fb05aa 1948 web extra phpmyadmin_4.6.5.1-1.dsc
 519c03b0296fb7ec854d57ecd43cd07f 6162164 web extra phpmyadmin_4.6.5.1.orig.tar.xz
 5bb91838050304c6ab5c11b5d8662b9f 79324 web extra phpmyadmin_4.6.5.1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----