-rw-r--r--  databases/phpmyadmin/Makefile  |  2
-rw-r--r--  databases/phpmyadmin/distinfo  |  4
-rw-r--r--  security/vuxml/vuln.xml        | 53
3 files changed, 56 insertions, 3 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile index eeb1c8faefda..668c08de93af 100644 --- a/databases/phpmyadmin/Makefile +++ b/databases/phpmyadmin/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 3.5.8 +DISTVERSION= 3.5.8.1 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo index e80a299089e7..17dea4bc61b4 100644 --- a/databases/phpmyadmin/distinfo +++ b/databases/phpmyadmin/distinfo @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.5.8-all-languages.tar.xz) = 0766acb45d862ca802b5d3018f240bdd0a14749e21f40ebabe51bf25d6088409 -SIZE (phpMyAdmin-3.5.8-all-languages.tar.xz) = 3744780 +SHA256 (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = c66737ff55369b1c9e4b116e68f3c517faf7c4bc17e289d008d74fde6c8260f6 +SIZE (phpMyAdmin-3.5.8.1-all-languages.tar.xz) = 3744808 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0616943b682a..1742f0e7dfd0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -51,6 +51,59 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="8c8fa44d-ad15-11e2-8cea-6805ca0b3d42"> + <topic>phpMyAdmin -- Multiple security vulnerabilities</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>3.5</ge><lt>3.5.8.1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php"> + <p>In some PHP versions, the preg_replace() function can be + tricked into executing arbitrary PHP code on the + server. This is done by passing a crafted argument as the + regular expression, containing a null byte. phpMyAdmin does + not correctly sanitize an argument passed to preg_replace() + when using the "Replace table prefix" feature, opening the + way to this vulnerability..</p> + <p>This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users to access the required + form.</p> + </blockquote> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php"> + <p>phpMyAdmin can be configured to save an export file on + the web server, via its SaveDir directive. With this in + place, it's possible, either via a crafted filename template + or a crafted table name, to save a double extension file + like foobar.php.sql. In turn, an Apache webserver on which + there is no definition for the MIME type "sql" (the default) + will treat this saved file as a ".php" script, leading to + remote code execution.</p> + <p>This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users to access the required + form. Moreover, the SaveDir directive is empty by default, + so a default configuration is not vulnerable. 
The + $cfg['SaveDir'] directive must be configured, and the server + must be running Apache with mod_mime to be exploitable.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2013-3238</cvename> + <cvename>CVE-2013-3239</cvename> + </references> + <dates> + <discovery>2013-04-24</discovery> + <entry>2013-04-24</entry> + </dates> + </vuln> + <vuln vid="aeb962f6-ab8d-11e2-b3f5-003067c2616f"> <topic>tinc -- Buffer overflow</topic> <affects> |
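Review bot: In the distinfo hunk, the new SHA256 and SIZE for phpMyAdmin-3.5.8.1-all-languages.tar.xz should be regenerated locally with `make makesum` against the distfile fetched from the MASTER_SITES in the Makefile, not transcribed from a release page, so the checksum in the tree is bound to the bytes the port will actually fetch; the 28-byte size change from 3744780 to 3744808 is consistent with a small point release, but the commit message gives no indication of how the sum was obtained.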
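Review bot: In the vuln.xml hunk, the `<references>` block lists only the two `<cvename>` entries while the upstream advisory URLs appear solely in the `cite` attributes of the blockquotes; VuXML readers and tooling key off `<references>`, so add `<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php</url>` and `<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php</url>` there. Minor: the first quoted paragraph ends with a doubled period ("this vulnerability..") and "prevents non-logged-in users to access" reads awkwardly; if the text is quoted verbatim from upstream these can stand, otherwise fix them before commit.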