Accepted phpmyadmin 4:3.4.11.1-2+deb7u6 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 14 Sep 2016 22:20:21 +0000
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.4.11.1-2+deb7u6
Distribution: wheezy-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Ola Lundqvist <opal@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:3.4.11.1-2+deb7u6) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Long Term Security Team.
   * Correction for:
     - CVE-2016-6606 Weakness with cookie encryption
       Code rewritten in a similar way as the upstream patch.
     - CVE-2016-6607 XSS vulnerability
       Applied upstream fix as is
     - CVE-2016-6609 PHP code injection
       Code rewritten in a similar way as the upstream patch.
     - CVE-2016-6611 SQL injection attack
       Code rewritten in a similar way as the upstream patch.
     - CVE-2016-6612 Local file exposure
       Applied upstream fix as is
     - CVE-2016-6613 Local file exposure through symlinks with UploadDir
       Code rewritten in a similar way as the upstream patch.
     - CVE-2016-6614 Path traversal with SaveDir and UploadDir
       Applied upstream fix manually due to code changes
     - CVE-2016-6620 Unvalidated data passed to unserialize()
       Applied upstream fix as is
     - CVE-2016-6622 DOS attack with forced persistent connections
       Code rewritten in a similar way as the upstream patch.
     - CVE-2016-6623 Denial of service (DOS) attack by for loops
       Applied upstream fix manually due to code changes
     - CVE-2016-6624 IPv6 and proxy server IP-based authentication rule circumvention
       Applied upstream fix manually due to code changes
     - CVE-2016-6630 Denial of service (DOS) attack by changing password to a very long string
       Applied upstream fix manually due to code changes
     - CVE-2016-6631 Remote code execution vulnerability when run as CGI
       Removed all transformator shell scripts in debian/rules.
Checksums-Sha1:
71b4c606705e4aca192ee095a128b6625b5a7ee1 1958 phpmyadmin_3.4.11.1-2+deb7u6.dsc
2107bad5f5bb8669aa4a05870f7e18d58928d97f 105479 phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
5554909001265a2d8d8cc044cf0934b02382b5ad 5522856 phpmyadmin_3.4.11.1-2+deb7u6_all.deb
Checksums-Sha256:
da93b5a7653d230f570ff2c22d9a5b67aad7a476309dfe1dc2f8b0bd960041cc 1958 phpmyadmin_3.4.11.1-2+deb7u6.dsc
566ae9bddbd31dde9e6a90d48253dc797d222393094fe39fe4bda7dd07e99677 105479 phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
ac39af43f68d775742bbb105d2af7daf99499e82ba4c17d7fa58605a6d3c8f56 5522856 phpmyadmin_3.4.11.1-2+deb7u6_all.deb
Files:
82f5ecc05d71cc1fcb48751fc3af446e 1958 web extra phpmyadmin_3.4.11.1-2+deb7u6.dsc
66c530c653cd1521df60019d0c469641 105479 web extra phpmyadmin_3.4.11.1-2+deb7u6.debian.tar.gz
176ac1bfd1bd23d3d7ca34b32cb6fdda 5522856 web extra phpmyadmin_3.4.11.1-2+deb7u6_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----