Bug#378681: marked as done (diff for 4:2.8.2-0.1 NMU)

Debian Bug Tracking System Wed, 11 Oct 2006 08:03:50 -0700

Your message dated Wed, 11 Oct 2006 07:02:31 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#378681: fixed in phpmyadmin 4:2.9.0.2-1
has caused the attached Bug report to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: phpmyadmin
Version: 4:2.8.1-1
Severity: normal
Tags: patch

Hi,

Attached is the diff for my phpmyadmin 4:2.8.2-0.1 NMU.

diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/ChangeLog 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/ChangeLog
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/ChangeLog  2006-05-20 19:16:21.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/ChangeLog  2006-06-30 15:54:23.000000000 
+0200
@@ -2,12 +2,36 @@
 phpMyAdmin - Changelog
 ----------------------
 
-$Id: ChangeLog,v 2.1929.2.130.2.4 2006/05/20 17:16:21 lem9 Exp $
+$Id: ChangeLog,v 2.1929.2.142 2006/06/30 13:54:23 lem9 Exp $
 $Source: /cvsroot/phpmyadmin/phpMyAdmin/ChangeLog,v $
 
+2006-06-30 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php: escape also single quotes 
+    ### 2.8.2 released from QA_2_8 
+
+2006-06-28 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php: escape allowed parameters from non-token 
+      requests
+
+2006-06-15 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/display_export.lib.php: reenable XML option in export
+
+2006-06-02 Marc Delisle  <[EMAIL PROTECTED]>
+    * Documentation.html: requirements: web browser with cookies enabled
+
+2006-05-29 Marc Delisle  <[EMAIL PROTECTED]>
+    * main.php: bug #1496881, CVS link broken in main.php
+
 2006-05-20 Marc Delisle  <[EMAIL PROTECTED]>
     ### 2.8.1 released from MAINT_2_8_1
 
+2006-05-17 Marc Delisle  <[EMAIL PROTECTED]>
+    * server_privileges.php: bug #1478812, Add user (password containing 
+      a backslash; also minor optimization
+
+2006-05-15 Marc Delisle  <[EMAIL PROTECTED]>
+    * libraries/common.lib.php, bug #1475949, removing the default value
+
 2006-05-15 Michal Čihař  <[EMAIL PROTECTED]>
     * scripts/setup.php: Compatibility with security tokens (bug #1488453).
     * scripts/setup.php: Fix detection of writable config (bug #1488447).
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/debian/changelog 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/debian/changelog
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/debian/changelog   2006-07-18 
12:56:54.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/debian/changelog   2006-07-18 
12:56:54.000000000 +0200
@@ -1,3 +1,11 @@
+phpmyadmin (4:2.8.2-0.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * New upstream release.
+    * Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748)
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]>  Tue, 18 Jul 2006 12:52:19 +0200
+
 phpmyadmin (4:2.8.1-1) unstable; urgency=medium
 
   * New upstream release. Closes: #373204.
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.html 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.html
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.html 2006-05-20 
19:16:47.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.html 2006-06-30 
15:46:50.000000000 +0200
@@ -1,6 +1,6 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" 
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
 <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en-US" lang="en-US">
-<!-- $Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20 17:16:47 lem9 Exp $ 
-->
+<!-- $Id: Documentation.html,v 2.205.2.21 2006/06/30 13:46:50 lem9 Exp $ -->
 <!--
     vim: expandtab ts=4 sw=4 sts=4 tw=78
 -->
@@ -9,7 +9,7 @@
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.8.1 - Documentation</title>
+    <title>phpMyAdmin 2.8.2 - Documentation</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -33,7 +33,7 @@
 <hr noshade="noshade" width="100%" />
 </div>
 
-<h1>phpMyAdmin 2.8.1 Documentation</h1>
+<h1>phpMyAdmin 2.8.2 Documentation</h1>
 
 
 <!-- TOP MENU -->
@@ -53,7 +53,7 @@
     </li>
     <li>
         Documentation version:
-        <i>$Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20 17:16:47 lem9 
Exp $</i>
+        <i>$Id: Documentation.html,v 2.205.2.21 2006/06/30 13:46:50 lem9 Exp 
$</i>
     </li>
 </ul>
 
@@ -85,7 +85,7 @@
         phase but every other action that you do in phpMyAdmin.
     </li>
     <li>
-        a web-browser (doh!).
+    <b>Web browser</b> with cookies enabled.
     </li>
 </ul>
 
@@ -4116,9 +4116,9 @@
 <ol>
     <li>
         fetch the current CVS tree over anonymous CVS:<br />
-        <tt>cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin login</tt><br 
/>
+        <tt>cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin login</tt><br 
/>
         [Password: simply press the Enter key]<br />
-        <tt>cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin checkout 
phpMyAdmin</tt><br />
+        <tt>cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin checkout 
phpMyAdmin</tt><br />
         [This will create a new sub-directory named phpMyAdmin]
     </li>
     <li>
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.txt 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.txt
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/Documentation.txt  2006-05-20 
19:33:32.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/Documentation.txt  2006-06-30 
15:55:32.000000000 +0200
@@ -5,15 +5,15 @@
 Transformations  -  FAQ  -  Developers  -  Credits  -  Translators
 -------------------------------------------------------------------------------
 
-phpMyAdmin 2.8.1 Documentation
+phpMyAdmin 2.8.2 Documentation
 
   * SourceForge phpMyAdmin project page   [ http://www.phpmyadmin.net/ ]
   * Local documents:
       + Version history: ChangeLog
       + General notes: README
       + License: LICENSE
-  * Documentation version: $Id: Documentation.html,v 2.205.2.17.2.1 2006/05/20
-    17:16:47 lem9 Exp $
+  * Documentation version: $Id: Documentation.html,v 2.205.2.21 2006/06/30
+    13:46:50 lem9 Exp $
 
 
 Requirements
@@ -29,7 +29,7 @@
     "cookie" authentication method, having the mcrypt PHP extension on your web
     server accelerates not only the login phase but every other action that you
     do in phpMyAdmin.
-  * a web-browser (doh!).
+  * Web browser with cookies enabled.
 
 
 Introduction
@@ -2702,10 +2702,10 @@
 The following method is preferred for new developers:
 
  1. fetch the current CVS tree over anonymous CVS:
-    cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin
+    cvs -d:pserver:[EMAIL PROTECTED]:/cvsroot/phpmyadmin
     login
     [Password: simply press the Enter key]
-    cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/
+    cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/
     phpmyadmin checkout phpMyAdmin
     [This will create a new sub-directory named phpMyAdmin]
  2. add your stuff
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/common.lib.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/common.lib.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/common.lib.php   2006-05-14 
18:46:51.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/common.lib.php   2006-06-30 
15:11:04.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: common.lib.php,v 2.266.2.23.2.1 2006/05/14 16:46:51 nijel Exp $ */
+/* $Id: common.lib.php,v 2.266.2.27 2006/06/30 13:11:04 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 /**
@@ -2584,7 +2584,9 @@
             if (strtoupper($default) == 'NULL') {
                 $query .= ' DEFAULT NULL';
             } else {
-                $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default) . '\'';
+                if (!empty($default) || $default == '0') {
+                    $query .= ' DEFAULT \'' . PMA_sqlAddslashes($default) . 
'\'';
+                }
             }
         }
 
@@ -2932,6 +2934,9 @@
             unset($_GET[$key]);
             unset($_POST[$key]);
             unset($GLOBALS[$key]);
+        } else {
+            // allowed stuff could be compromised so escape it
+            $_REQUEST[$key] = htmlspecialchars($_REQUEST[$key], ENT_QUOTES);
         }
     }
 }
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/Config.class.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/Config.class.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/Config.class.php 2006-05-20 
19:15:21.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/Config.class.php 2006-06-30 
15:46:11.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: Config.class.php,v 1.21.2.15.2.1 2006/05/20 17:15:21 lem9 Exp $ */
+/* $Id: Config.class.php,v 1.21.2.18 2006/06/30 13:46:11 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 class PMA_Config
@@ -76,7 +76,7 @@
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '2.8.1');
+        $this->set('PMA_VERSION', '2.8.2');
         /**
          * @deprecated
          */
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/display_export.lib.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/display_export.lib.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/libraries/display_export.lib.php   
2006-01-17 18:02:30.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/libraries/display_export.lib.php   
2006-06-15 22:22:56.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: display_export.lib.php,v 2.47 2006/01/17 17:02:30 cybot_tm Exp $ */
+/* $Id: display_export.lib.php,v 2.47.2.1 2006/06/15 20:22:56 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 // Get relations & co. status
@@ -36,7 +36,7 @@
 <?php
 $hide_structure = false;
 $hide_sql       = false;
-$hide_xml       = (bool) (isset($db) && strlen($db));
+$hide_xml       = (bool) ! (isset($db) && strlen($db));
 if ($export_type == 'server') {
     echo PMA_generate_common_hidden_inputs('', '', 1);
 } elseif ($export_type == 'database') {
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/main.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/main.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/main.php   2006-04-24 09:30:14.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/main.php   2006-05-29 18:09:30.000000000 
+0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: main.php,v 2.100.2.2 2006/04/24 07:30:14 nijel Exp $ */
+/* $Id: main.php,v 2.100.2.3 2006/05/29 16:09:30 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 /**
@@ -283,7 +283,7 @@
 ?>
     <li><bdo xml:lang="en" dir="ltr">
         [<a href="changelog.php" target="_blank">ChangeLog</a>]
-        [<a 
href="http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/phpmyadmin/phpMyAdmin/";
+        [<a href="http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/";
             target="_blank">CVS</a>]
         [<a href="http://sourceforge.net/mail/?group_id=23067";
             target="_blank">Lists</a>]
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/README 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/README
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/README     2006-05-20 19:17:03.000000000 
+0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/README     2006-06-30 15:48:13.000000000 
+0200
@@ -1,11 +1,11 @@
-$Id: README,v 2.40.2.6.2.1 2006/05/20 17:17:03 lem9 Exp $
+$Id: README,v 2.40.2.8 2006/06/30 13:48:13 lem9 Exp $
 
 phpMyAdmin - Readme
 ===================
 
   A set of PHP-scripts to manage MySQL over the web.
 
-  Version 2.8.1
+  Version 2.8.2
   -------------
   http://www.phpmyadmin.net/
 
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.1 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.1
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.1 2006-05-20 
19:33:32.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.1 1970-01-01 
01:00:00.000000000 +0100
@@ -1 +0,0 @@
-Sat May 20 17:33:32 UTC 2006
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.2 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.2
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/RELEASE-DATE-2.8.2 1970-01-01 
01:00:00.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/RELEASE-DATE-2.8.2 2006-06-30 
15:55:32.000000000 +0200
@@ -0,0 +1 @@
+Fri Jun 30 13:55:32 UTC 2006
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/scripts/setup.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/scripts/setup.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/scripts/setup.php  2006-05-15 
09:57:09.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/scripts/setup.php  2006-05-15 
09:57:30.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: setup.php,v 1.23.2.8.2.2 2006/05/15 07:57:09 nijel Exp $ */
+/* $Id: setup.php,v 1.23.2.10 2006/05/15 07:57:30 nijel Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 // phpMyAdmin setup script by Michal Čihař <[EMAIL PROTECTED]>
@@ -14,7 +14,7 @@
 
 // Script information
 $script_info = 'phpMyAdmin ' . $PMA_Config->get('PMA_VERSION') . ' setup 
script by Michal Čihař <[EMAIL PROTECTED]>';
-$script_version = '$Id: setup.php,v 1.23.2.8.2.2 2006/05/15 07:57:09 nijel Exp 
$';
+$script_version = '$Id: setup.php,v 1.23.2.10 2006/05/15 07:57:30 nijel Exp $';
 
 // Grab action
 if (isset($_POST['action'])) {
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/server_privileges.php 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/server_privileges.php
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/server_privileges.php      2006-03-14 
18:32:19.000000000 +0100
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/server_privileges.php      2006-05-17 
12:24:14.000000000 +0200
@@ -1,5 +1,5 @@
 <?php
-/* $Id: server_privileges.php,v 2.91.2.2 2006/03/14 17:32:19 lem9 Exp $ */
+/* $Id: server_privileges.php,v 2.91.2.3 2006/05/17 10:24:14 lem9 Exp $ */
 // vim: expandtab sw=4 ts=4 sts=4:
 
 require_once('./libraries/common.lib.php');
@@ -764,15 +764,12 @@
             'GRANT ' . join(', ', PMA_extractPrivInfo()) . ' ON *.* TO \''
             . PMA_sqlAddslashes($username) . '\'@\'' . $hostname . '\'';
         if ($pred_password != 'none' && $pred_password != 'keep') {
-            $pma_pw_hidden = '';
-            for ($i = 0; $i < strlen($pma_pw); $i++) {
-                $pma_pw_hidden .= '*';
-            }
+            $pma_pw_hidden = str_repeat('*', strlen($pma_pw));
             $sql_query = $real_sql_query . ' IDENTIFIED BY \'' . 
$pma_pw_hidden . '\'';
-            $real_sql_query .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+            $real_sql_query .= ' IDENTIFIED BY \'' . 
PMA_sqlAddslashes($pma_pw) . '\'';
             if ( isset( $create_user_real ) ) {
                 $create_user_show = $create_user_real . ' IDENTIFIED BY \'' . 
$pma_pw_hidden . '\'';
-                $create_user_real .= ' IDENTIFIED BY \'' . $pma_pw . '\'';
+                $create_user_real .= ' IDENTIFIED BY \'' . 
PMA_sqlAddslashes($pma_pw) . '\'';
             }
         } else {
             if ($pred_password == 'keep' && !empty($password)) {
diff -Nru /tmp/TObNdkMz8S/phpmyadmin-2.8.1/translators.html 
/tmp/btne0M6sJi/phpmyadmin-2.8.2/translators.html
--- /tmp/TObNdkMz8S/phpmyadmin-2.8.1/translators.html   2006-05-20 
19:17:23.000000000 +0200
+++ /tmp/btne0M6sJi/phpmyadmin-2.8.2/translators.html   2006-06-30 
15:47:15.000000000 +0200
@@ -1,13 +1,13 @@
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
 <html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en-US" lang="en-US">
-<!-- $Id: translators.html,v 2.64.2.6.2.1 2006/05/20 17:17:23 lem9 Exp $ -->
+<!-- $Id: translators.html,v 2.64.2.8 2006/06/30 13:47:15 lem9 Exp $ -->
 
 <head>
     <link rel="icon" href="./favicon.ico" type="image/x-icon" />
     <link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
     <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
-    <title>phpMyAdmin 2.8.1 - Official translators</title>
+    <title>phpMyAdmin 2.8.2 - Official translators</title>
     <link rel="stylesheet" type="text/css" href="docs.css" />
 </head>
 
@@ -29,7 +29,7 @@
 <hr noshade="noshade" width="100%" />
 </div>
 
-<h1>phpMyAdmin 2.8.1 official translators list</h1>
+<h1>phpMyAdmin 2.8.2 official translators list</h1>
 
 <p>
     Here is the list of the &quot;official translators&quot; of

--- End Message ---

--- Begin Message ---

Source: phpmyadmin
Source-Version: 4:2.9.0.2-1

We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive:

phpmyadmin_2.9.0.2-1.diff.gz
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1.diff.gz
phpmyadmin_2.9.0.2-1.dsc
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1.dsc
phpmyadmin_2.9.0.2-1_all.deb
  to pool/main/p/phpmyadmin/phpmyadmin_2.9.0.2-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thijs Kinkhorst <[EMAIL PROTECTED]> (supplier of updated phpmyadmin package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 11 Oct 2006 14:46:37 +0200
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:2.9.0.2-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <[EMAIL PROTECTED]>
Changed-By: Thijs Kinkhorst <[EMAIL PROTECTED]>
Description: 
 phpmyadmin - Administrate MySQL over the WWW
Closes: 357972 374918 377748 378681 382139 385365 385889 390484 391090
Changes: 
 phpmyadmin (4:2.9.0.2-1) unstable; urgency=low
 .
   * New maintainer, thanks Piotr for your previous work!
   * Acknowledge NMU's, thanks Steinar! (Closes: #378681)
   * Fix typo in debconf templates and unfuzzy that.
   * Tweak package description.
 .
 phpmyadmin (4:2.9.0.2-0.1) unstable; urgency=high
 .
   * Non-maintainer upload with maintainer consent.
   * Upgrade to latest upstream version to battle cross-site
     request forgery (PMASA-2006-5, CVE-2006-5116, CVE-2006-5117,
     closes: 391090).
   * New upstream also fixes broken database export functionality
     (closes: 374918) and database/table copy (closes: 390484).
   * Update translations:
     - Danish by Claus Hindsgaul (Closes: 357972).
     - Italian by Luca Monducci (Closes: 382139).
     - Spanish by Nacho Barrientos Arias (Closes: 385365).
 .
 phpmyadmin (4:2.8.2-0.2) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix issue with /var/www pointing to /usr/share/phpmyadmin.
     (Closes: #385889)
     * Make sure we install /var/www as a directory, since we make a symlink 
into
       it and we can't rely on it being there.
     * Explicitly link to /var/www/phpmyadmin instead of /var/www, to make sure
       we don't make a new /var/www even if it should be removed for some
       reason.
 .
 phpmyadmin (4:2.8.2-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream release.
     * Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748)
Files: 
 f04e499e4cd8bbea1bf9acd2c3ebc536 638 web extra phpmyadmin_2.9.0.2-1.dsc
 e8776c4ec0bccaffadad0066caf42473 40920 web extra phpmyadmin_2.9.0.2-1.diff.gz
 cc3dcd590a8c9f949089f992e3ddf138 3565720 web extra phpmyadmin_2.9.0.2-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFLPdHJdKMxZV9WM8RAkoXAKC5yeAli535YE6DyeYT7uoRXN2PhQCfZRwJ
vi6KjjqmUL/8iGQJNHxekrA=
=7C5P
-----END PGP SIGNATURE-----

--- End Message ---

Bug#378681: marked as done (diff for 4:2.8.2-0.1 NMU)

Reply via email to