Accepted phpmyadmin 4:4.6.6-4+deb9u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 22 Mar 2020 17:07:57 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:4.6.6-4+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: William Desportes <williamdes@wdes.fr>
Description:
phpmyadmin - MySQL web administration tool
Closes: 893539 920822 920823 930017 930048 948718 954665 954666 954667
Changes:
phpmyadmin (4:4.6.6-4+deb9u1) stretch; urgency=high
.
* Team upload
* Several security fixes
- Cross-site scripting (XSS) vulnerability in db_central_columns.php
(PMASA-2018-1, CVE-2018-7260, Closes: #893539)
- Remove transformation plugin includes
(PMASA-2018-6, CVE-2018-19968)
- Fix Stored Cross-Site Scripting (XSS) in navigation tree
(PMASA-2018-8, CVE-2018-19970)
- Fix information leak (arbitrary file read) using SQL queries
(PMASA-2019-1, CVE-2019-6799, Closes: #920823)
- a specially crafted username can be used to trigger a SQL injection attack
(PMASA-2019-2, CVE-2019-6798, Closes: #920822)
- SQL injection in Designer feature
(PMASA-2019-3, CVE-2019-11768, Closes: #930048)
- CSRF vulnerability in login form
(PMASA-2019-4, CVE-2019-12616, Closes: #930017)
- SQL injection, escape username in the query
(PMASA-2020-1, CVE-2020-5504, Closes: #948718)
- Add a patch to escape some parameters when changing passwords
(PMASA-2020-2, CVE-2020-10804, Closes: #954667)
- Add a patch to escape database and table name
(PMASA-2020-3, CVE-2020-10802, Closes: #954665)
- Add a patch to secure sql_query parameter
(PMASA-2020-4, CVE-2020-10803, Closes: #954666)
Checksums-Sha1:
54a3b9e872405f242fef531860ee1f01e7a425fb 2123 phpmyadmin_4.6.6-4+deb9u1.dsc
5314655baf12ad47bdc42a2ebcfc2b10995ce7a5 6147904 phpmyadmin_4.6.6.orig.tar.xz
a3ce0bc62874cffd398433de9f99f104a59e17e6 87276 phpmyadmin_4.6.6-4+deb9u1.debian.tar.xz
192e2dd05c635f39f43ea79455ca78c91a8fa640 3910736 phpmyadmin_4.6.6-4+deb9u1_all.deb
50c2fe65d0c84eb6843b7399e6a4c01185d26818 8729 phpmyadmin_4.6.6-4+deb9u1_amd64.buildinfo
Checksums-Sha256:
2568bc474f94dd88a8f1082d83d814a126c507e15f41efaaa0f0c4d3a6e7f8ba 2123 phpmyadmin_4.6.6-4+deb9u1.dsc
b7b9e0f88ca740fcba249e7e3e7d51d1923b038b7742cde72de193a2b0a2654f 6147904 phpmyadmin_4.6.6.orig.tar.xz
a877680d4d10b8500bc5f2acdd8cafcfeed23ed8d5208af96e3e88b623a39f1e 87276 phpmyadmin_4.6.6-4+deb9u1.debian.tar.xz
5db49a41af864dccea7d8926954dce8c4e4e192bd644a04b216d4f4a3a732556 3910736 phpmyadmin_4.6.6-4+deb9u1_all.deb
d04c07e72132473eb24fc9b8c18d685399298cd448cef42b60cd2cc81f0697e5 8729 phpmyadmin_4.6.6-4+deb9u1_amd64.buildinfo
Files:
3cd01d47875eb49cced10d2ce5463bc1 2123 web extra phpmyadmin_4.6.6-4+deb9u1.dsc
474af1974cadf7f0300d80a63acc14d2 6147904 web extra phpmyadmin_4.6.6.orig.tar.xz
87e5839b15cfa663adabadcf997814d7 87276 web extra phpmyadmin_4.6.6-4+deb9u1.debian.tar.xz
61eff9b435e1c72a8d215f1f8ea811cc 3910736 web extra phpmyadmin_4.6.6-4+deb9u1_all.deb
d0601ed689d8ecfc16972743db788114 8729 web extra phpmyadmin_4.6.6-4+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl6AnEoACgkQgj6WdgbD
S5Zaqw/+M3R6ygmmdv7E1dHdiI4ho/dG71FgnAzW4v6jW26Id4D2mH8/BUgE9hQ/
WveyrRVZBb4LAydy6qyMPmDJcGDgVEcKKpNTH6PaA5M2SvVVvDZ/LBFiaqK+31Jy
Oajq6DnfJmjsEILr6zfOLLW9cBaVeuJ8d14yBn+47Eyf0DohvN/1btQmDHa+lhhM
eW2PBNCQHOysESS7tH1gkiZsQlreD80bT7rIN1snp62t249go6JpONhS3iICz2vP
yuCPuGl1Ndw3QSI7kFKKbFA+unAmlmtQmdhybNOrXYrO2u7CPi1dwiMjP7W4EEWe
k1o1bvB4qOZY+PSq3DPzS4cFESEu1qLGFgQdisLIrS5g6dFhhAI9fmwkohmQjRtQ
WW0HQkPyxGufqrH2w0mkuc59kBF2WY8j6FrnTr/5iLHh9yWmzGQFRGyKnMWCdbgx
u3CIr+5u3ZhvY7WFjWuI8xY/NoSophda+glia5vPVnqjH/FhU9tfqIu/qyyrw9RC
01RPf1jOkSnHmREOIMqHK5yeugzuKAEHsOV8Rh7TmRHSWdGyHvBkgN3Y5XQMzbtt
U8WrHIPQEORTc3toIOOR2C6LfQI+COQWmQC/GSGXclKTTZvi8lV3LN9NmD1KFics
i17IHOzZh/Wn7kQv709U/28plys3Fvl9I3x0fVNWLmIPOo16WNY=
=qhUY
-----END PGP SIGNATURE-----
Reply to: