lp://staging/ubuntu/feisty-security/phpmyadmin

Created by James Westby and last modified
Get this branch:
bzr branch lp://staging/ubuntu/feisty-security/phpmyadmin
Members of Ubuntu branches can upload to this branch.

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

16. By Emanuele Gentili

* SECURITY UPDATE:
 + debian/patches/050_CVE-2008-1149.dpatch
  - Provides unauthorized access, Allows partial confidentiality, integrity, and
    availability violation, Allows unauthorized disclosure of information,
    Allows disruption of service. (LP: #198745)
* References:
 + http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1149
 + http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1

15. By William Grant

* SECURITY UPDATE: Cross-site scripting via multiple vectors. (LP: #162599)
* debian/patches/030_CVE-2007-1395.patch: Match </script> end tag case
  insensitively. Patch from Debian.
* debian/patches/030_CVE-2007-2245.patch: Correctly sanitise input to
  browse_foreigners.php and PMA_sanitize. Patch from Debian.
* debian/patches/031_CVE-2007-5386.patch: Sanitise non-URL-encoded query
  strings in scripts/setup.php. Patch from Debian.
* debian/patches/031_CVE-2007-5589.patch: Sanitise PHP_SELF and PATH_INFO
  inputs in a number of places. Patch from Debian.
* debian/patches/033_CVE-2007-6100.patch: Sanitise convcharset as displayed
  on authentication form.
* References
  CVE-2007-1395
  CVE-2007-2245
  CVE-2007-5386
  CVE-2007-5589
  CVE-2007-6100
  PMASA-2007-4
  PMASA-2007-5
  PMASA-2007-6
  PMASA-2007-8

13. By Thijs Kinkhorst

* Backport security-related changes from 2.9.2-rc1:
* CVE-2007-0203: Multiple unspecified vulnerabilities;
  this turns out to be (1) cross site scripting and
  (2) the same as CVE-2006-6374. (Closes: #406332, #406486)
* CVE-2006-6374: the vulnerability only applies to
  PHP < 5.1.2 and < 4.4.2, so strictly speaking current
  Debian is not vulnerable. Include it anyway, to not expose
  those using older PHP versions. (Closes: #404744)

12. By Thijs Kinkhorst

* New upstream release.
  - Addresses several security issues (Closes: #399329).

* In Depends, explicitly prefer the apache2/apache PHP module, to make
  sure the correct one is selected upon installation.
* Drop 100-dutch_fixtypo.patch, integrated upstream.

* Add note to default config file about adding sensitive data
  to that file (Closes: #321529).
* Update README.Debian with information about register_globals.

11. By Thijs Kinkhorst

* New upstream bugfix release.
  - Includes a fix for an XSS security issue (PMASA-2006-6).
    (Closes: #396638)

* 100-dutch_fixtypo.patch: Add patch to fix typo in Dutch
  translation which also caused a layout problem in the login
  screen.
* 021-config.inc.php_no_check_mtime.patch: Add patch to Config
  class to disable checking for the mtime of config.inc.php.
  Since we include other files from it, those will otherwise
  never be read (Closes: #392022).
* Add depends on perl since it's used in the maintainer scripts.
* Update shipped htaccess to make it compatible with Apache 2.2
  (Closes: #396560).

* Updated translations:
  - Bokmål by Bjørn Steensrud.
  - Basque by Piarres Beobide.
  - Dutch by self.
  - Danish by Claus Hindsgaul (Closes: #393871).
  - Japanese by Hideki Yamane (Closes: #396548).

10. By Steinar H. Gunderson

* Non-maintainer upload.
* Fix issue with /var/www pointing to /usr/share/phpmyadmin.
  (Closes: #385889)
  * Make sure we install /var/www as a directory, since we make a symlink into
    it and we can't rely on it being there.
  * Explicitly link to /var/www/phpmyadmin instead of /var/www, to make sure
    we don't make a new /var/www even if it should be removed for some
    reason.

9. By Piotr Roszatycki

* New upstream release. Closes: #373204.
  - The French translation is correct. Closes: #362154.
  - Generates correct dumps with UPDATE syntax. Closes: #364702.
* Security fix: XSRF vulnerability.
  See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3
  See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804
* Security fix: XSS vulnerabilities. It was not a problem for Debian with
  the default settings.
  See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
  See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2031
  Closes: #363519, #368082.
* Updated Portuguese debconf templates translation, thanks Miguel Figueiredo.
  Closes: #363597.
* Updated Russian debconf templates translation, thanks Yuriy Talakan.
  Closes: #367146.
* Convert non-ISO-8859-1 debconf templates translation to UTF-8.

8. By Piotr Roszatycki

* New upstream release.
* Security fix: XSS vulnerability (calling directly css files under themes)
  See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-1
  See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1678
  Closes: #362567.

7. By Piotr Roszatycki

* New upstream release. Closes: #342203.
* Tweak the dependencies and prefer PHP5 with Apache2.
* Support cgid.so module for threaded Apache2.
* Removed all Debian specific patches.
* Portuguese debconf templates translation, thanks Miguel Figueiredo.
  Closes: #336444.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp://staging/ubuntu/karmic/phpmyadmin
This branch contains Public information 