aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--databases/phpmyadmin/Makefile2
-rw-r--r--databases/phpmyadmin/distinfo4
-rw-r--r--security/vuxml/vuln.xml32
3 files changed, 35 insertions, 3 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile
index fd2f6d8bee37..854a2c50a48c 100644
--- a/databases/phpmyadmin/Makefile
+++ b/databases/phpmyadmin/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= phpMyAdmin
-DISTVERSION= 3.4.10.1
+DISTVERSION= 3.4.10.2
CATEGORIES= databases www
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo
index 5c2c91887a04..0941aa04c8d9 100644
--- a/databases/phpmyadmin/distinfo
+++ b/databases/phpmyadmin/distinfo
@@ -1,2 +1,2 @@
-SHA256 (phpMyAdmin-3.4.10.1-all-languages.tar.xz) = 7335e0124a87a740c5147b53e752d3c61dd424f5916c9573cbd3a02cdc108b6f
-SIZE (phpMyAdmin-3.4.10.1-all-languages.tar.xz) = 3693320
+SHA256 (phpMyAdmin-3.4.10.2-all-languages.tar.xz) = 23dab15d28f24eae11bb5125b4a42f07d35f47e3ffc94346692f515de5bdae85
+SIZE (phpMyAdmin-3.4.10.2-all-languages.tar.xz) = 3693324
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index 8a3b34ca68a4..9518b493c448 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -52,6 +52,38 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="a81161d2-790f-11e1-ac16-e0cb4e266481">
+ <topic>phpMyAdmin -- Path disclosure due to missing verification of file presence</topic>
+ <affects>
+ <package>
+ <name>phpMyAdmin</name>
+ <range><gt>3.4</gt><lt>3.4.10.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The phpMYAdmin development team reports:</p>
+ <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php">
+ <p>The show_config_errors.php scripts did not validate the
+ presence of the configuration file, so an error message
+ shows the full path of this file, leading to possible
+ further attacks. For the error messages to be displayed,
+ php.ini's error_reporting must be set to E_ALL and
+ display_errors must be On (these settings are not
+ recommended on a production server in the PHP manual).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2012-1902</cvename>
+ <url>http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php</url>
+ </references>
+ <dates>
+ <discovery>2012-03-28</discovery>
+ <entry>2012-03-28</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b8f0a391-7910-11e1-8a43-00262d5ed8ee">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>