
Accepted phpmyadmin 4:3.4.11.1-2+deb7u6 (source all) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 14 Sep 2016 22:20:21 +0000
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.4.11.1-2+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Ola Lundqvist <opal@debian.org>
Description: 
 phpmyadmin - MySQL web administration tool
Changes: 
 phpmyadmin (4:3.4.11.1-2+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Long Term Security Team.
   * Correction for:
      - CVE-2016-6606 Weakness with cookie encryption
        Code rewritten in a similar way as the upstream patch.
      - CVE-2016-6607 XSS vulnerability
        Applied upstream fix as is
      - CVE-2016-6609 PHP code injection
        Code rewritten in a similar way as the upstream patch.
      - CVE-2016-6611 SQL injection attack
        Code rewritten in a similar way as the upstream patch.
      - CVE-2016-6612 Local file exposure
        Applied upstream fix as is
      - CVE-2016-6613 Local file exposure through symlinks with UploadDir
        Code rewritten in a similar way as the upstream patch.
      - CVE-2016-6614 Path traversal with SaveDir and UploadDir
        Applied upstream fix manually due to code changes
      - CVE-2016-6620 Unvalidated data passed to unserialize()
        Applied upstream fix as is
      - CVE-2016-6622 DOS attack with forced persistent connections
        Code rewritten in a similar way as the upstream patch.
      - CVE-2016-6623 Denial of service (DOS) attack by for loops
        Applied upstream fix manually due to code changes
      - CVE-2016-6624 IPv6 and proxy server IP-based authentication rule circumvention
        Applied upstream fix manually due to code changes
      - CVE-2016-6630 Denial of service (DOS) attack by changing password to a very long string
        Applied upstream fix manually due to code changes
      - CVE-2016-6631 Remote code execution vulnerability when run as CGI
        Removed all transformator shell scripts in debian/rules.
Checksums-Sha1: 
 71b4c606705e4aca192ee095a128b6625b5a7ee1 1958 phpmyadmin_3.4.11.1-2+deb7u6.dsc
 2107bad5f5bb8669aa4a05870f7e18d58928d97f 105479 phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
 5554909001265a2d8d8cc044cf0934b02382b5ad 5522856 phpmyadmin_3.4.11.1-2+deb7u6_all.deb
Checksums-Sha256: 
 da93b5a7653d230f570ff2c22d9a5b67aad7a476309dfe1dc2f8b0bd960041cc 1958 phpmyadmin_3.4.11.1-2+deb7u6.dsc
 566ae9bddbd31dde9e6a90d48253dc797d222393094fe39fe4bda7dd07e99677 105479 phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
 ac39af43f68d775742bbb105d2af7daf99499e82ba4c17d7fa58605a6d3c8f56 5522856 phpmyadmin_3.4.11.1-2+deb7u6_all.deb
Files: 
 82f5ecc05d71cc1fcb48751fc3af446e 1958 web extra phpmyadmin_3.4.11.1-2+deb7u6.dsc
 66c530c653cd1521df60019d0c469641 105479 web extra phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
 176ac1bfd1bd23d3d7ca34b32cb6fdda 5522856 web extra phpmyadmin_3.4.11.1-2+deb7u6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----

