Back to phpmyadmin PTS page

Accepted phpmyadmin 4:4.9.1+dfsg1-2 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted phpmyadmin 4:4.9.1+dfsg1-2 (source) into unstable
From: Matthias Blümel <debian@blaimi.de>
Date: Sun, 10 Nov 2019 15:38:18 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1iTpIA-0008nX-0a@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 01 Nov 2019 19:33:40 +0100
Source: phpmyadmin
Architecture: source
Version: 4:4.9.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>
Changed-By: Matthias Blümel <debian@blaimi.de>
Closes: 772741 883417 884827 890595 893539 896490 914673 917755 920822 920823 930017 930048 943209
Changes:
 phpmyadmin (4:4.9.1+dfsg1-2) unstable; urgency=medium
 .
   * Adjust open_basedir setting for ubuntu eoan
 .
 phpmyadmin (4:4.9.1+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version 4.9.1.
   * Remove webbased setup (Closes: #772741)
   * Check for weak blowfish key and regenerate if necessary during update
   * fix avahi service-installation (Closes: #914673, LP: #1293558)
   * fix bug in sql-script for non-default tablename (Closes: #884827)
 .
 phpmyadmin (4:4.9.0.1+dfsg1-1) unstable; urgency=medium
 .
   [ Matthias Blümel ]
   * New upstream version 4.9.0.1.
   * Update Package for new composer-oriented structure in upstream
   * Update Traslations
     - Catalan
     - Ukrainian
     - Chinese (Traditional)
   * New Translations
     - Romanian
     - Indonesian
   * New upstream release, fixing several security issues:
     - Warings when running under php 7.2
       (Closes: #890595)
     - FTBFS with phpunit 6.4.4-2
       (Closes: #883417, Closes: #917755)
     - Bypass $cfg['Servers'][$i]['AllowNoPassword']
       (PMASA-2017-8, CVE-2017-18264)
     - XSRF/CSRF vulnerability in phpMyAdmin
       (PMASA-2017-9, CVE-2017-1000499)
     - Self XSS in central columns feature
       (PMASA-2018-1, CVE-2018-7260, Closes: #893539)
     - CSRF vulnerability allowing arbitrary SQL execution
       (PMASA-2018-2, CVE-2018-10188, Closes: #896490)
     - XSS in Designer feature
       (PMASA-2018-3, CVE-2018-12581)
     - Bug that can be used for XSS when importing files
     - Local file inclusion
       (PMASA-2018-6, CVE-2018-19968)
     - XSRF/CSRF vulnerabilities allowing a to perform harmful operations
       (PMASA-2018-7, CVE-2018-19969)
     - an XSS vulnerability in the navigation tree
       (PMASA-2018-8, CVE-2018-19970)
     - Arbitrary file read vulnerability
       (PMASA-2019-1, CVE-2019-6799, Closes: #920823)
     - SQL injection in the Designer interface
       (PMASA-2019-2, CVE-2019-6798, Closes: #920822)
     - SQL injection in Designer feature
       (PMASA-2019-3, CVE-2019-11768, Closes: #930048))
     - CSRF vulnerability in login form
       (PMASA-2019-4, CVE-2019-12616, Closes: #930017)
   * patch to allow twig in version 2
   * adjust autoload path with libapache2-mod-php, load Twig-Extensions and tcpdf
   * adjust apache-config with open_basedir for dependencies
   * Set TempDir to /var/lib/phpmyadmin/tmp for twig-cache
   * add config-table upgrade for version 4.7.0+
   * enable unittests and patch to use phpunit 7, fix build-deps
   * update to standards-version 4.3.0
   * add Debian CI testfile
   * depend on python3-sphinx instead of python-sphinx which is python2 (Closes: #943209)
   * don't chown tmp-dir recursive and remove useless entries in 'dirs'
   * add sensible-utils to dependencies for .desktop-file
   * simplify apache-config
     * mbstring.func_overload = 0 is default and not set (/etc/php/7.3/apache2/php.ini)
     * SetHandler is now in the configuration of libapache2-mod-php (/etc/apache2/mods-available/php7.3.conf)
     * AddType seems not to be necessary anymore, it's in the mime-database (/etc/mime.types)
   * use autoload.php instead of vendor/autoload.php
   * use libjs-openlayers instead of bundled ones.
   * include copyright information from included vendor-source
   * cleanup lintian overrides
 .
   [ Felipe Sateler ]
   * Exclude vendor dir from upstream tarball imports
   * Add new build-dependencies
   * Add autoload generation
   * Fix Config file location
   * Add phpcomposer substvars to control file
   * Fix js paths in debian/rules
   * Set phpMyAdmin team as Maintainer
 .
   [ Juri Grabowski ]
   * define composer as Build-Depends, Fix Vcs- URLs
   * apache2.2-common -> apache2-data
Checksums-Sha1:
 db30c657beb422cfcab4ae2f0504a46a33fc07c1 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
 faaeaa981f613b23d4f9afc2c5b343fcad84b3f2 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 07d1363135b7f0255407f6af5355126276b02186 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Checksums-Sha256:
 a205fa69ec52834e772ebd619203fad6a46ff1bdc9865c28142935d24186dc7a 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
 d6877f4ca7a9ea49bdb8608f16342207c4703a0db68fd607a4fa41dfa9294a42 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 5774cd30ffd4d3369a3083d7e04ef60a651647fd4da749cb53285fa0fb16459a 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Files:
 bc93c0fec95473d080304848d649c6d1 2700 web optional phpmyadmin_4.9.1+dfsg1-2.dsc
 f440b671f55d71f64b648761af63ff51 94188 web optional phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 76668ca2166ce668cf4915338be16d4d 11322440 web optional phpmyadmin_4.9.1+dfsg1.orig.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCAAyFiEEIY7gNiAzyHtsE1+ko7q64kCN1s8FAl3IJCwUHGZzYXRlbGVy
QGRlYmlhbi5vcmcACgkQo7q64kCN1s8OARAAmCGEXxYkXJh02TWnbISOxqm8KL/1
DVOHbAuJtYemnLVlBNr5glPh7Ttx+N/ZiLbgNpJwxqEvTxKO2w3erpoW9vd4ICW7
8rZOpLh5hJW54fAHz4kdYiYuN0B2pvaZ/iqCLTt9DjBHZHDJud7nUFPciFMUoigb
nFjp7yH1aBM50m4bNkvh2wDn740/SUOcaO+va4mMc43o15YqWerwrxEvfgvwrgnM
znzaGrkwYL1KGi6MGrBufAIzxABWCgmFGFq4B/fNliG/XxDcGj4OxpoUs4H/mw88
/G0aWYWq4Eajq1Vi+k2HqEjnEJpHIQBd6ykSDKDctInzlEfy3ot8/p6MrWjIpEfg
VMvyGOwg6Ya7FiV5YxVXxcN/5Ly4S8R58Tz66W/Dz6uWMcMQFSnKaiIlr8woFBDf
D9z1j8HFRv4r1ha1h3gY6rJtKBfkYENRMSd7JgsKk6iahzJpJWYksE+SusYWw08W
XOC2DOiAnGFaND0CXNq67tvs+G8pwv87yxACemY29WUwjle/0N6yJ3Exf2K4RvhC
EC4H7wcY74LfTro2xtnzIE7KRc0iG8e5yFylJjdT2OqYutTwBBibcod+An/D1n7u
wncfVkHD0AEB0NDU31L7Yn2p03a+upaD5ErgOKNJ0r66Rd8KfIYC2s5ouwSvV1G2
8thkti3V7G1FT0w=
=k+MP
-----END PGP SIGNATURE-----