Accepted phpmyadmin 4:3.4.11.1-2+deb7u7 (source all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Dec 2016 08:18:14 +1100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.4.11.1-2+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Brian May <bam@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:3.4.11.1-2+deb7u7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-4412 / PMASA-2016-57: A user can be tricked into following a
     link leading to phpMyAdmin, which after authentication redirects to
     another malicious site.
   * CVE-2016-6626 / PMASA-2016-49: In the fix for PMASA-2016-57, we didn't
     have sufficient checking and it was possible to bypass the whitelist.
   * CVE-2016-9849 / PMASA-2016-60: Username deny rules bypass (AllowRoot &
     Others) by using Null Byte.
   * CVE-2016-9850 / PMASA-2016-61: Username matching for the allow/deny rules
     may result in wrong matches and detection of the username in the rule due
     to non-constant execution time.
   * CVE-2016-9861 / PMASA-2016-66: In the fix for PMASA-2016-49, we had buggy
     checks and it was possible to bypass the whitelist.
   * CVE-2016-9864 / PMASA-2016-69: Multiple SQL injection vulnerabilities.
   * CVE-2016-9865 / PMASA-2016-70: Due to a bug in serialized string parsing,
     it was possible to bypass the protection offered by PMA_safeUnserialize()
     function.
Checksums-Sha1:
 aa07fd9e19021b50101e7e35800cc070919f2eda 1955 phpmyadmin_3.4.11.1-2+deb7u7.dsc
 d9f420c7664815ac91b63046f9ab2869adb1c2ab 5844325 phpmyadmin_3.4.11.1.orig.tar.gz
 728d79372fada8ac8e076f04f12b63ba0011827a 109506 phpmyadmin_3.4.11.1-2+deb7u7.debian.tar.gz
 2807ec179d8fe5ad6d093bcc4584877c9f6e03f1 5541358 phpmyadmin_3.4.11.1-2+deb7u7_all.deb
Checksums-Sha256:
 c956a378a32eb6dfe039853607e4cc3ac2cafb5198eee46d9a1c1b65c8938e47 1955 phpmyadmin_3.4.11.1-2+deb7u7.dsc
 e29332102cb1f9aac583c71e2b73c8916d3bbb8771fb8a28a4863e837be0dae6 5844325 phpmyadmin_3.4.11.1.orig.tar.gz
 f847c88355f7ec445d293bad50196dba1e15078889358a5c58d536a6bae20ec8 109506 phpmyadmin_3.4.11.1-2+deb7u7.debian.tar.gz
 9a8cc217674bc42d5fd6ffd4d6a5dab7169101f51aa69969820ce0c9cddd3027 5541358 phpmyadmin_3.4.11.1-2+deb7u7_all.deb
Files:
 af007d38ad7e2cd01869a52f7f5004f4 1955 web extra phpmyadmin_3.4.11.1-2+deb7u7.dsc
 e54cedac04ef1743eae381c9affd2fc1 5844325 web extra phpmyadmin_3.4.11.1.orig.tar.gz
 037f2c5b770b5fa0bb1c1290421d8bd4 109506 web extra phpmyadmin_3.4.11.1-2+deb7u7.debian.tar.gz
 fb2cf74b6c43a4340b3538872a6ee46d 5541358 web extra phpmyadmin_3.4.11.1-2+deb7u7_all.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----