diff options
| author | matthew <matthew@FreeBSD.org> | 2013-06-06 06:02:13 +0800 |
|---|---|---|
| committer | matthew <matthew@FreeBSD.org> | 2013-06-06 06:02:13 +0800 |
| commit | f354246b4a80e28927cbb2ace713b57821f38c17 (patch) | |
| tree | e2545db21351862afb71f569330ceef554b54611 | |
| parent | 29a03370887af0c77e569c6a1d223daa34d1473f (diff) | |
| download | freebsd-ports-graphics-f354246b4a80e28927cbb2ace713b57821f38c17.tar.gz freebsd-ports-graphics-f354246b4a80e28927cbb2ace713b57821f38c17.tar.zst freebsd-ports-graphics-f354246b4a80e28927cbb2ace713b57821f38c17.zip | |
Security upgrade to 4.0.3
Advisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.3/phpMyAdmin-4.0.3-notes.html/view
Security: 6b97436c-ce1e-11e2-9cb2-6805ca0b3d42
| -rw-r--r-- | databases/phpmyadmin/Makefile | 2 | ||||
| -rw-r--r-- | databases/phpmyadmin/distinfo | 4 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 31 |
3 files changed, 34 insertions, 3 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile index 512046cf303..d77e45f7976 100644 --- a/databases/phpmyadmin/Makefile +++ b/databases/phpmyadmin/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.0.2 +DISTVERSION= 4.0.3 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo index ff95d2aac9e..3f0c66f2d76 100644 --- a/databases/phpmyadmin/distinfo +++ b/databases/phpmyadmin/distinfo @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.0.2-all-languages.tar.xz) = fad443ccfbf40c7e54bc04dde32423b9837a50e54771ff4c424ad31561d1082f -SIZE (phpMyAdmin-4.0.2-all-languages.tar.xz) = 4360284 +SHA256 (phpMyAdmin-4.0.3-all-languages.tar.xz) = a1e2d663ee8976402dd18818cc8479eb34019a82553df0009af1036e63629a93 +SIZE (phpMyAdmin-4.0.3-all-languages.tar.xz) = 4400480 diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index d0320018954..6ba541ccc01 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,37 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6b97436c-ce1e-11e2-9cb2-6805ca0b3d42"> + <topic>phpMyAdmin -- XSS due to unescaped HTML output in Create View page</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><ge>4.0</ge><lt>4.0.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php"> + <p>When creating a view with a crafted name and an incorrect + CREATE statement, it is possible to trigger an XSS.</p> + <p>This vulnerability can be triggered only by someone who + logged in to phpMyAdmin, as the usual token protection + prevents non-logged-in users from accessing the required + form.</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-6.php</url> + <cvename>CVE-2013-3742</cvename> + </references> + <dates> + <discovery>2013-06-05</discovery> + <entry>2013-06-05</entry> + </dates> + </vuln> + <vuln vid="a3c2dee5-cdb9-11e2-b9ce-080027019be0"> <topic>telepathy-gabble -- TLS verification bypass</topic> <affects> |