
phpmyadmin exception



Hi

Today, a new version of phpMyAdmin has been released with a dozen
security fixes, which we of course would like to have fixed in Jessie.
Given that the 4.2 branch of phpMyAdmin is currently getting only bugfixes,
it might be a better idea to update to the latest upstream instead of
backporting all of the fixes. Is there a chance to get permission for
a version upgrade to Jessie?

Upstream changelog:

4.2.12.0 (2014-11-20)
- bug #4574 Blank/white page when JavaScript disabled
- bug #4577 Multi row actions cause full page reloads
- bug ReferenceError: targeurl is not defined
- bug Incorrect text/icon display in Tracking report
- bug #4404 Recordset return from procedure display nothing
- bug #4584 Edit dialog for routines is too long for smaller displays
- bug #4586 Javascript error after moving a column
- bug #4576 Issue with long comments on table columns
- bug #4599 Input field unnecessarily selected on focus
- bug #4602 Exporting selected rows exports all rows of the query
- bug #4444 No insert statement produced in SQL export for queries with alias
- bug #4603 Field disabled when internal relations used
- bug #4596 [security] XSS through exception stack
- bug #4595 [security] Path traversal can lead to leakage of line count
- bug #4578 [security] XSS vulnerability in table print view
- bug #4579 [security] XSS vulnerability in zoom search page
- bug #4594 [security] Path traversal in file inclusion of GIS factory
- bug #4598 [security] XSS in multi submit
- bug #4597 [security] XSS through pma_fontsize cookie

4.2.11.0 (2014-10-31)
- bug ReferenceError: Table_onover is not defined
- bug #4552 Incorrect routines display for database due to case insensitive checks
- bug #4259 reCaptcha sound session expired problem
- bug #4557 PHP fatal error, undefined function __()
- bug #4568 Date displayed incorrectly when charting a timeline
- bug #4571 Database Privileges link does not work
- bug makegrid.js: where_clause is undefined
- bug #4572 missing trailing slash (import and open_basedir)

Diffstat without translations:

 ChangeLog                                                  |   33 +++++- 
 README                                                     |    2 
 build.xml                                                  |   17 ++-
 doc/conf.py                                                |    2 
 import.php                                                 |   11 --
 js/common.js                                               |    4 
 js/jquery/jquery.menuResizer-1.0.js                        |    3 
 js/makegrid.js                                             |    3 
 js/rte.js                                                  |    6 -
 js/sql.js                                                  |   13 ++
 js/tbl_chart.js                                            |    4 
 js/tbl_structure.js                                        |   16 +++
 libraries/Config.class.php                                 |    4 
 libraries/DatabaseInterface.class.php                      |    3 
 libraries/DisplayResults.class.php                         |   19 ++-
 libraries/Header.class.php                                 |    3 
 libraries/Theme.class.php                                  |    2 
 libraries/Util.class.php                                   |   18 +++
 libraries/core.lib.php                                     |    8 +
 libraries/display_export.lib.php                           |    8 -
 libraries/error_report.lib.php                             |   15 ++
 libraries/gis/GIS_Factory.class.php                        |    4 
 libraries/mult_submits.lib.php                             |    7 -
 libraries/navigation/Nodes/Node_Database.class.php         |   18 ++-
 libraries/navigation/Nodes/Node_Table.class.php            |   12 +-
 libraries/operations.lib.php                               |    8 -
 libraries/plugins/auth/AuthenticationCookie.class.php      |   11 +-
 libraries/relation.lib.php                                 |    2 
 libraries/rte/rte_events.lib.php                           |    9 +
 libraries/rte/rte_routines.lib.php                         |    9 +
 libraries/sql.lib.php                                      |   69 +++++++++----
 libraries/structure.lib.php                                |    2
 libraries/tbl_printview.lib.php                            |    2
 libraries/tbl_tracking.lib.php                             |    2
 pmd_general.php                                            |    2
 scripts/update-po                                          |    4
 server_privileges.php                                      |    2
 tbl_export.php                                             |   20 +++
 tbl_zoom_select.php                                        |    2
 test/classes/plugin/auth/PMA_AuthenticationCookie_test.php |   15 --
 test/libraries/PMA_tbl_tracking_test.php                   |    1 
41 files changed, 290 insertions(+), 105 deletions(-)

Full diff:

http://tmp.cihar.com/phpmyadmin-4.2.12.diff

Thanks
-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com
