Accepted phpmyadmin 4:4.9.1+dfsg1-2 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 Nov 2019 19:33:40 +0100
Source: phpmyadmin
Architecture: source
Version: 4:4.9.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>
Changed-By: Matthias Blümel <debian@blaimi.de>
Closes: 772741 883417 884827 890595 893539 896490 914673 917755 920822 920823 930017 930048 943209
Changes:
phpmyadmin (4:4.9.1+dfsg1-2) unstable; urgency=medium
.
* Adjust open_basedir setting for ubuntu eoan
.
phpmyadmin (4:4.9.1+dfsg1-1) unstable; urgency=medium
.
* New upstream version 4.9.1.
* Remove webbased setup (Closes: #772741)
* Check for weak blowfish key and regenerate if necessary during update
* fix avahi service-installation (Closes: #914673, LP: #1293558)
* fix bug in sql-script for non-default tablename (Closes: #884827)
.
phpmyadmin (4:4.9.0.1+dfsg1-1) unstable; urgency=medium
.
[ Matthias Blümel ]
* New upstream version 4.9.0.1.
* Update Package for new composer-oriented structure in upstream
* Update Traslations
- Catalan
- Ukrainian
- Chinese (Traditional)
* New Translations
- Romanian
- Indonesian
* New upstream release, fixing several security issues:
- Warings when running under php 7.2
(Closes: #890595)
- FTBFS with phpunit 6.4.4-2
(Closes: #883417, Closes: #917755)
- Bypass $cfg['Servers'][$i]['AllowNoPassword']
(PMASA-2017-8, CVE-2017-18264)
- XSRF/CSRF vulnerability in phpMyAdmin
(PMASA-2017-9, CVE-2017-1000499)
- Self XSS in central columns feature
(PMASA-2018-1, CVE-2018-7260, Closes: #893539)
- CSRF vulnerability allowing arbitrary SQL execution
(PMASA-2018-2, CVE-2018-10188, Closes: #896490)
- XSS in Designer feature
(PMASA-2018-3, CVE-2018-12581)
- Bug that can be used for XSS when importing files
- Local file inclusion
(PMASA-2018-6, CVE-2018-19968)
- XSRF/CSRF vulnerabilities allowing a to perform harmful operations
(PMASA-2018-7, CVE-2018-19969)
- an XSS vulnerability in the navigation tree
(PMASA-2018-8, CVE-2018-19970)
- Arbitrary file read vulnerability
(PMASA-2019-1, CVE-2019-6799, Closes: #920823)
- SQL injection in the Designer interface
(PMASA-2019-2, CVE-2019-6798, Closes: #920822)
- SQL injection in Designer feature
(PMASA-2019-3, CVE-2019-11768, Closes: #930048))
- CSRF vulnerability in login form
(PMASA-2019-4, CVE-2019-12616, Closes: #930017)
* patch to allow twig in version 2
* adjust autoload path with libapache2-mod-php, load Twig-Extensions and tcpdf
* adjust apache-config with open_basedir for dependencies
* Set TempDir to /var/lib/phpmyadmin/tmp for twig-cache
* add config-table upgrade for version 4.7.0+
* enable unittests and patch to use phpunit 7, fix build-deps
* update to standards-version 4.3.0
* add Debian CI testfile
* depend on python3-sphinx instead of python-sphinx which is python2 (Closes: #943209)
* don't chown tmp-dir recursive and remove useless entries in 'dirs'
* add sensible-utils to dependencies for .desktop-file
* simplify apache-config
* mbstring.func_overload = 0 is default and not set (/etc/php/7.3/apache2/php.ini)
* SetHandler is now in the configuration of libapache2-mod-php (/etc/apache2/mods-available/php7.3.conf)
* AddType seems not to be necessary anymore, it's in the mime-database (/etc/mime.types)
* use autoload.php instead of vendor/autoload.php
* use libjs-openlayers instead of bundled ones.
* include copyright information from included vendor-source
* cleanup lintian overrides
.
[ Felipe Sateler ]
* Exclude vendor dir from upstream tarball imports
* Add new build-dependencies
* Add autoload generation
* Fix Config file location
* Add phpcomposer substvars to control file
* Fix js paths in debian/rules
* Set phpMyAdmin team as Maintainer
.
[ Juri Grabowski ]
* define composer as Build-Depends, Fix Vcs- URLs
* apache2.2-common -> apache2-data
Checksums-Sha1:
db30c657beb422cfcab4ae2f0504a46a33fc07c1 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
faaeaa981f613b23d4f9afc2c5b343fcad84b3f2 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
07d1363135b7f0255407f6af5355126276b02186 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Checksums-Sha256:
a205fa69ec52834e772ebd619203fad6a46ff1bdc9865c28142935d24186dc7a 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
d6877f4ca7a9ea49bdb8608f16342207c4703a0db68fd607a4fa41dfa9294a42 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
5774cd30ffd4d3369a3083d7e04ef60a651647fd4da749cb53285fa0fb16459a 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Files:
bc93c0fec95473d080304848d649c6d1 2700 web optional phpmyadmin_4.9.1+dfsg1-2.dsc
f440b671f55d71f64b648761af63ff51 94188 web optional phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
76668ca2166ce668cf4915338be16d4d 11322440 web optional phpmyadmin_4.9.1+dfsg1.orig.tar.xz
-----BEGIN PGP SIGNATURE-----
iQJIBAEBCAAyFiEEIY7gNiAzyHtsE1+ko7q64kCN1s8FAl3IJCwUHGZzYXRlbGVy
QGRlYmlhbi5vcmcACgkQo7q64kCN1s8OARAAmCGEXxYkXJh02TWnbISOxqm8KL/1
DVOHbAuJtYemnLVlBNr5glPh7Ttx+N/ZiLbgNpJwxqEvTxKO2w3erpoW9vd4ICW7
8rZOpLh5hJW54fAHz4kdYiYuN0B2pvaZ/iqCLTt9DjBHZHDJud7nUFPciFMUoigb
nFjp7yH1aBM50m4bNkvh2wDn740/SUOcaO+va4mMc43o15YqWerwrxEvfgvwrgnM
znzaGrkwYL1KGi6MGrBufAIzxABWCgmFGFq4B/fNliG/XxDcGj4OxpoUs4H/mw88
/G0aWYWq4Eajq1Vi+k2HqEjnEJpHIQBd6ykSDKDctInzlEfy3ot8/p6MrWjIpEfg
VMvyGOwg6Ya7FiV5YxVXxcN/5Ly4S8R58Tz66W/Dz6uWMcMQFSnKaiIlr8woFBDf
D9z1j8HFRv4r1ha1h3gY6rJtKBfkYENRMSd7JgsKk6iahzJpJWYksE+SusYWw08W
XOC2DOiAnGFaND0CXNq67tvs+G8pwv87yxACemY29WUwjle/0N6yJ3Exf2K4RvhC
EC4H7wcY74LfTro2xtnzIE7KRc0iG8e5yFylJjdT2OqYutTwBBibcod+An/D1n7u
wncfVkHD0AEB0NDU31L7Yn2p03a+upaD5ErgOKNJ0r66Rd8KfIYC2s5ouwSvV1G2
8thkti3V7G1FT0w=
=k+MP
-----END PGP SIGNATURE-----