Hi Antoine, Thank you for the feedback! I've also performed some tests (I sent an email about that almost at the same time as you :) and came up to the same result. After your report I'll upload the package now. Cheers. On 2/1/19 5:31 PM, Antoine Beaupré wrote: > Hi, > > I've reviewed both patches and they look sane. I did some smoke tests on > the package (installed it and mariadb in a VM) and it seems to run > okay. I also did an naive attempt at exploiting CVE-2018-19970 but > couldn't succeed, which can either mean I failed or the flaw is > fixed. :) > > Good job, > > A. > > On 2019-01-29 15:27:59, Lucas Kanashiro wrote: >> Hugo, >> >> I just uploaded a new package fixing the issue that you pointed out here >> again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/ >> >> I didn't perform any new testing yet, I want to do it soon. But if you >> could have a try again it would be great. >> >> Cheers. >> >> On 1/29/19 11:37 AM, Hugo Lefeuvre wrote: >>> Hi Lucas, >>> >>>> Great, sorry for being a victim of my lack of attention... I've never >>>> used phpmyadmin (that's why I requested some testing) and my local tests >>>> were so basic that they didn't catch this issue. Shame on me. >>> That's >>> fine, main thing is issues have been found before upload :) >>> >>>> I'll fix it and perform some tests. Thanks for the review and the time >>>> that you spent on this. >>> I am available for testing the updated package if needed. >>> >>> cheers, >>> Hugo >>> >> -- >> Lucas Kanashiro -- Lucas Kanashiro
Attachment:
signature.asc
Description: OpenPGP digital signature