
Bug#1102399: marked as done (bookworm-pu: package phpmyadmin/4:5.2.1+dfsg-1+deb12u1)



Your message dated Sat, 17 May 2025 09:37:58 +0000
with message-id <E1uGDzS-005KJ4-H3@coccia.debian.org>
and subject line Close 1102399
has caused the Debian Bug report #1102399,
regarding bookworm-pu: package phpmyadmin/4:5.2.1+dfsg-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1102399: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102399
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>, security@debian.org

  * CVE-2025-24529: XSS on Insert page
  * CVE-2025-24530: XSS when checking tables
diffstat for phpmyadmin-5.2.1+dfsg phpmyadmin-5.2.1+dfsg

 changelog                                                        |    8 +
 patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch          |   79 ++++++++++
 patches/0002-Fix-unescaped-table-name-when-checking-tables.patch |   37 ++++
 patches/series                                                   |    2 
 4 files changed, 126 insertions(+)

diff -Nru phpmyadmin-5.2.1+dfsg/debian/changelog phpmyadmin-5.2.1+dfsg/debian/changelog
--- phpmyadmin-5.2.1+dfsg/debian/changelog	2023-02-08 14:57:42.000000000 +0200
+++ phpmyadmin-5.2.1+dfsg/debian/changelog	2025-04-08 18:25:51.000000000 +0300
@@ -1,3 +1,11 @@
+phpmyadmin (4:5.2.1+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-24529: XSS on Insert page
+  * CVE-2025-24530: XSS when checking tables
+
+ -- Adrian Bunk <bunk@debian.org>  Tue, 08 Apr 2025 18:25:51 +0300
+
 phpmyadmin (4:5.2.1+dfsg-1) unstable; urgency=medium
 
   * Add a d/pkg-php-tools-overrides to force the PHP 8.0 polyfill dep
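Review bot: The new changelog entry lists the two CVE ids but not the patch files that address them, and the subject of patch 0002 ("Fix unescaped table name when checking tables") does not mention XSS. Naming the patch after each item, for example `CVE-2025-24530: XSS when checking tables (0002-Fix-unescaped-table-name-when-checking-tables.patch)`, would make the CVE-to-patch mapping auditable from the changelog alone.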
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
--- phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch	1970-01-01 02:00:00.000000000 +0200
+++ phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch	2025-04-08 16:15:24.000000000 +0300
@@ -0,0 +1,79 @@
+From 8ee84b67eca8a8178fec498188d968d95212e932 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth <mauricio@mfauth.net>
+Date: Sun, 12 Jan 2025 22:39:06 -0300
+Subject: Fix XSS vulnerability on Insert page
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@mfauth.net>
+---
+ libraries/classes/InsertEdit.php |  4 ++--
+ psalm-baseline.xml               |  2 +-
+ test/classes/InsertEditTest.php  | 14 ++++++++++++--
+ 3 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/libraries/classes/InsertEdit.php b/libraries/classes/InsertEdit.php
+index 3e6ab3e411..72971c0b88 100644
+--- a/libraries/classes/InsertEdit.php
++++ b/libraries/classes/InsertEdit.php
+@@ -1124,8 +1124,8 @@ private function getSpecialCharsAndBackupFieldForInsertingMode(
+         } elseif ($trueType === 'binary' || $trueType === 'varbinary') {
+             $specialChars = bin2hex($column['Default']);
+         } elseif (substr($trueType, -4) === 'text') {
+-            $textDefault = substr($column['Default'], 1, -1);
+-            $specialChars = stripcslashes($textDefault !== false ? $textDefault : $column['Default']);
++            $textDefault = (string) substr($column['Default'], 1, -1);
++            $specialChars = htmlspecialchars(stripcslashes($textDefault !== '' ? $textDefault : $column['Default']));
+         } else {
+             $specialChars = htmlspecialchars($column['Default']);
+         }
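Review bot: The new `$textDefault !== ''` fallback in the `text` branch mishandles an empty-string default. When `$column['Default']` consists only of the two quote characters, `substr($column['Default'], 1, -1)` yields `''`, the condition fails, and the still-quoted `$column['Default']` is what ends up in `$specialChars` rather than an empty value. Both arms of the ternary are now inside `htmlspecialchars`, so this is a correctness point rather than an escaping gap, but consider falling back to the raw default only when it is not wrapped in quotes.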
+diff --git a/psalm-baseline.xml b/psalm-baseline.xml
+index a07466f7bf..4f053c0a6a 100644
+--- a/psalm-baseline.xml
++++ b/psalm-baseline.xml
+@@ -8183,7 +8183,7 @@
+       <code>$specialChars</code>
+       <code>$specialChars</code>
+       <code>$specialCharsEncoded</code>
+-      <code>$textDefault !== false ? $textDefault : $column['Default']</code>
++      <code>$textDefault !== '' ? $textDefault : $column['Default']</code>
+       <code>$transformationPlugin-&gt;getScripts()</code>
+       <code>$transformation[$type . '_options'] ?? ''</code>
+       <code>$trueType</code>
+diff --git a/test/classes/InsertEditTest.php b/test/classes/InsertEditTest.php
+index 6bbe885c12..c3f8234586 100644
+--- a/test/classes/InsertEditTest.php
++++ b/test/classes/InsertEditTest.php
+@@ -1714,9 +1714,9 @@ public function providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+                 [
+                     false,
+                     '"lorem\"ipsem"',
+-                    'lorem"ipsem',
++                    'lorem&quot;ipsem',
+                     '',
+-                    'lorem"ipsem',
++                    'lorem&quot;ipsem',
+                 ],
+             ],
+             'varchar with html special chars' => [
+@@ -1732,6 +1732,16 @@ public function providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+                     'hello world&lt;br&gt;&lt;b&gt;lorem&lt;/b&gt; ipsem',
+                 ],
+             ],
++            'text with html special chars' => [
++                ['True_Type' => 'text', 'Default' => '\'</textarea><script>alert(1)</script>\''],
++                [
++                    false,
++                    '\'</textarea><script>alert(1)</script>\'',
++                    '&lt;/textarea&gt;&lt;script&gt;alert(1)&lt;/script&gt;',
++                    '',
++                    '&lt;/textarea&gt;&lt;script&gt;alert(1)&lt;/script&gt;',
++                ],
++            ],
+         ];
+     }
+ 
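Review bot: The added 'text with html special chars' case only covers a default with content between the quotes, so the `$textDefault !== ''` fallback arm changed in InsertEdit.php is never exercised by the provider. Add an entry with `'True_Type' => 'text'` and an empty quoted default so the expected output of that arm is pinned as well.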
+-- 
+2.30.2
+
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
--- phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch	1970-01-01 02:00:00.000000000 +0200
+++ phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch	2025-04-08 16:15:24.000000000 +0300
@@ -0,0 +1,37 @@
+From 198467709c031c52fb9143995e325bcbf67eed52 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth <mauricio@mfauth.net>
+Date: Tue, 15 Oct 2024 12:27:22 -0300
+Subject: Fix unescaped table name when checking tables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@mfauth.net>
+---
+ libraries/classes/Table/Maintenance.php | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/classes/Table/Maintenance.php b/libraries/classes/Table/Maintenance.php
+index 97c3423e91..2a2596c2bd 100644
+--- a/libraries/classes/Table/Maintenance.php
++++ b/libraries/classes/Table/Maintenance.php
+@@ -13,6 +13,7 @@
+ use PhpMyAdmin\Util;
+ 
+ use function __;
++use function htmlspecialchars;
+ use function implode;
+ use function sprintf;
+ 
+@@ -119,7 +120,7 @@ public function getIndexesProblems(DatabaseName $db, array $tables): string
+                 continue;
+             }
+ 
+-            $indexesProblems .= sprintf(__('Problems with indexes of table `%s`'), $table->getName());
++            $indexesProblems .= htmlspecialchars(sprintf(__('Problems with indexes of table `%s`'), $table->getName()));
+             $indexesProblems .= $check;
+         }
+ 
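Review bot: No test accompanies the escaping change in `getIndexesProblems()`; this patch's diffstat lists only Maintenance.php, whereas the Insert page fix added a data-provider case. A test using a table name that contains markup would pin the behaviour. Separately, `$indexesProblems .= $check;` on the next line is still appended unescaped, so it is worth confirming that `$check` is already safe HTML at this point.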
+-- 
+2.30.2
+
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/series phpmyadmin-5.2.1+dfsg/debian/patches/series
--- phpmyadmin-5.2.1+dfsg/debian/patches/series	2023-02-08 14:57:42.000000000 +0200
+++ phpmyadmin-5.2.1+dfsg/debian/patches/series	2025-04-08 18:25:51.000000000 +0300
@@ -9,3 +9,5 @@
 Drop-depends-on-paragonie-sodium_compat-since-PHP-7.2-is-required.patch
 Skip-part-of-RoutingTest-testGetDispatcher.patch
 Adjust-path-for-source-files-in-tests.patch
+0001-Fix-XSS-vulnerability-on-Insert-page.patch
+0002-Fix-unescaped-table-name-when-checking-tables.patch

--- End Message ---
--- Begin Message ---
Version: 12.11
This update has been released as part of 12.10. Thank you for your contribution.

--- End Message ---
