[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Review and testing phpmyadmin for Jessie LTS

Hi Antoine,

Thank you for the feedback! I've also performed some tests (I sent an
email about that almost at the same time as you :) and came up to the
same result.

After your report I'll upload the package now.


On 2/1/19 5:31 PM, Antoine Beaupré wrote:
> Hi,
> I've reviewed both patches and they look sane. I did some smoke tests on
> the package (installed it and mariadb in a VM) and it seems to run
> okay. I also did an naive attempt at exploiting CVE-2018-19970 but
> couldn't succeed, which can either mean I failed or the flaw is
> fixed. :)
> Good job,
> A.
> On 2019-01-29 15:27:59, Lucas Kanashiro wrote:
>> Hugo,
>> I just uploaded a new package fixing the issue that you pointed out here
>> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>> I didn't perform any new testing yet, I want to do it soon. But if you
>> could have a try again it would be great.
>> Cheers.
>> On 1/29/19 11:37 AM, Hugo Lefeuvre wrote:
>>> Hi Lucas,
>>>> Great, sorry for being a victim of my lack of attention... I've never
>>>> used phpmyadmin (that's why I requested some testing) and my local tests
>>>> were so basic that they didn't catch this issue. Shame on me.
>>> That's 
>>> fine, main thing is issues have been found before upload :)
>>>> I'll fix it and perform some tests. Thanks for the review and the time
>>>> that you spent on this.
>>> I am available for testing the updated package if needed.
>>> cheers,
>>>  Hugo
>> -- 
>> Lucas Kanashiro

Lucas Kanashiro

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: