Re: Review and testing phpmyadmin for Jessie LTS
- To: Lucas Kanashiro <email@example.com>, Hugo Lefeuvre <firstname.lastname@example.org>
- Cc: email@example.com
- Subject: Re: Review and testing phpmyadmin for Jessie LTS
- From: Antoine Beaupré <firstname.lastname@example.org>
- Date: Fri, 01 Feb 2019 14:31:41 -0500
- Message-id: <[🔎] email@example.com>
- In-reply-to: <firstname.lastname@example.org>
- References: <email@example.com> <20190128084026.GB2991@hle-laptop> <firstname.lastname@example.org> <20190129133730.GB1478@hle-laptop> <email@example.com>
I've reviewed both patches and they look sane. I did some smoke tests on
the package (installed it and mariadb in a VM) and it seems to run
okay. I also did an naive attempt at exploiting CVE-2018-19970 but
couldn't succeed, which can either mean I failed or the flaw is
On 2019-01-29 15:27:59, Lucas Kanashiro wrote:
> I just uploaded a new package fixing the issue that you pointed out here
> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
> I didn't perform any new testing yet, I want to do it soon. But if you
> could have a try again it would be great.
> On 1/29/19 11:37 AM, Hugo Lefeuvre wrote:
>> Hi Lucas,
>>> Great, sorry for being a victim of my lack of attention... I've never
>>> used phpmyadmin (that's why I requested some testing) and my local tests
>>> were so basic that they didn't catch this issue. Shame on me.
>> fine, main thing is issues have been found before upload :)
>>> I'll fix it and perform some tests. Thanks for the review and the time
>>> that you spent on this.
>> I am available for testing the updated package if needed.
> Lucas Kanashiro
Fighting their rescuers.
- Octavia Butler