diff options
-rw-r--r-- | databases/phpmyadmin/Makefile | 2 | ||||
-rw-r--r-- | databases/phpmyadmin/distinfo | 4 | ||||
-rw-r--r-- | security/vuxml/vuln.xml | 32 |
3 files changed, 35 insertions, 3 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile index fd2f6d8bee37..854a2c50a48c 100644 --- a/databases/phpmyadmin/Makefile +++ b/databases/phpmyadmin/Makefile @@ -6,7 +6,7 @@ # PORTNAME= phpMyAdmin -DISTVERSION= 3.4.10.1 +DISTVERSION= 3.4.10.2 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo index 5c2c91887a04..0941aa04c8d9 100644 --- a/databases/phpmyadmin/distinfo +++ b/databases/phpmyadmin/distinfo @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-3.4.10.1-all-languages.tar.xz) = 7335e0124a87a740c5147b53e752d3c61dd424f5916c9573cbd3a02cdc108b6f -SIZE (phpMyAdmin-3.4.10.1-all-languages.tar.xz) = 3693320 +SHA256 (phpMyAdmin-3.4.10.2-all-languages.tar.xz) = 23dab15d28f24eae11bb5125b4a42f07d35f47e3ffc94346692f515de5bdae85 +SIZE (phpMyAdmin-3.4.10.2-all-languages.tar.xz) = 3693324 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8a3b34ca68a4..9518b493c448 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -52,6 +52,38 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a81161d2-790f-11e1-ac16-e0cb4e266481"> + <topic>phpMyAdmin -- Path disclosure due to missing verification of file presence</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><gt>3.4</gt><lt>3.4.10.2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMYAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php"> + <p>The show_config_errors.php scripts did not validate the + presence of the configuration file, so an error message + shows the full path of this file, leading to possible + further attacks. For the error messages to be displayed, + php.ini's error_reporting must be set to E_ALL and + display_errors must be On (these settings are not + recommended on a production server in the PHP manual).</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2012-1902</cvename> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php</url> + </references> + <dates> + <discovery>2012-03-28</discovery> + <entry>2012-03-28</entry> + </dates> + </vuln> + <vuln vid="b8f0a391-7910-11e1-8a43-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |