Re: Review and testing phpmyadmin for Jessie LTS
- To: Lucas Kanashiro <kanashiro@riseup.net>, Hugo Lefeuvre <hle@debian.org>
- Cc: debian-lts@lists.debian.org
- Subject: Re: Review and testing phpmyadmin for Jessie LTS
- From: Antoine Beaupré <anarcat@orangeseeds.org>
- Date: Fri, 01 Feb 2019 14:31:41 -0500
- Message-id: <[🔎] 87imy32tlu.fsf@curie.anarc.at>
- In-reply-to: <c344fc13-d0b1-0101-91a3-71c6ce8fffaa@riseup.net>
- References: <c2fbedd3-436c-0497-c987-69fa5b2137d9@riseup.net> <20190128084026.GB2991@hle-laptop> <78f56838-3b7a-561e-2f1d-691dd27602b5@riseup.net> <20190129133730.GB1478@hle-laptop> <c344fc13-d0b1-0101-91a3-71c6ce8fffaa@riseup.net>
Hi,
I've reviewed both patches and they look sane. I did some smoke tests on
the package (installed it and mariadb in a VM) and it seems to run
okay. I also did an naive attempt at exploiting CVE-2018-19970 but
couldn't succeed, which can either mean I failed or the flaw is
fixed. :)
Good job,
A.
On 2019-01-29 15:27:59, Lucas Kanashiro wrote:
> Hugo,
>
> I just uploaded a new package fixing the issue that you pointed out here
> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>
> I didn't perform any new testing yet, I want to do it soon. But if you
> could have a try again it would be great.
>
> Cheers.
>
> On 1/29/19 11:37 AM, Hugo Lefeuvre wrote:
>> Hi Lucas,
>>
>>> Great, sorry for being a victim of my lack of attention... I've never
>>> used phpmyadmin (that's why I requested some testing) and my local tests
>>> were so basic that they didn't catch this issue. Shame on me.
>> That's
>
>> fine, main thing is issues have been found before upload :)
>>
>>> I'll fix it and perform some tests. Thanks for the review and the time
>>> that you spent on this.
>> I am available for testing the updated package if needed.
>>
>> cheers,
>> Hugo
>>
> --
> Lucas Kanashiro
--
Drowning people
Sometimes die
Fighting their rescuers.
- Octavia Butler
Reply to: