Re: phpmyadmin update (Was Re: last call for wheezy updates and remaining work for transition)

[Emilio Pozuelo Monfort <pochu@debian.org>]

On 05/07/18 12:45, Abhijith PA wrote:
> 
> 
> On Friday 22 June 2018 04:33 PM, Emilio Pozuelo Monfort wrote:
>> Ah, nice! Your work looks very useful. My old work was for wheezy, so it only
>> addressed one CVE (CVE-2017-18264). Since your work is on jessie (which is on a
>> newer version) and fixes many more issues, I'll let you handle it. Let me know
>> if you need a review or an upload when you are done with it.
>>
>> Cheers,
>> Emilio
>>
> 
> Emilio
> 
> Can you review and upload phpmyadmin. Debdiff is attached. Looks like
> CVE-2018-10188 and CVE-2018-12581 are not affecting. Hence I am going to
> mark it as not-affecting. Rest all are backported.

CVE-2016-6616.patch looks broken. Indeed, going into user groups causes a 500
internal server error. The rest looks fine.

Cheers,
Emilio