[oe] [meta-oe] [PATCH] phpmyadmin: CVE-2015-8669

Jian Liu Wed, 20 Jan 2016 01:36:46 -0800

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.


This patch is from 
https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45

Signed-off-by: Jian Liu <[email protected]>
---
 .../phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch | 16 ++++++++++++++++
 .../recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb         |  4 +++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 
meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch

diff --git 
a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
 
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
new file mode 100644
index 0000000..c19996f
--- /dev/null
+++ 
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
@@ -0,0 +1,18 @@
+[Security] Path disclosure, see PMASA-2015-6
+
+Upstream-Status: Bacport
+
+Signed-off-by: Marc Delisle <[email protected]>
+
+diff -Nur 
phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 
phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
+--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php    
2016-01-20 15:11:15.410106888 +0800
++++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 
2016-01-20 15:14:05.758108076 +0800
+@@ -11,7 +11,7 @@
+  */
+ 
+ if (!function_exists('__')) {
+-    PMA_fatalError('Bad invocation!');
++    exit();
+ }
+ 
+ $strConfigAllowArbitraryServer_desc = __(
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb 
b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
index 9297d0c..b8faf12 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = 
"file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 
 SRC_URI = 
"https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz
 \
            file://Port-content-spoofing-fix-CVE-2015-7873.patch \
-           file://apache.conf"
+           file://apache.conf \
+           file://phpmyadmin-CVE-2015-8669.patch \
+"
 
 SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
 SRC_URI[sha256sum] = 
"d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
-- 
1.9.1

-- 
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

[oe] [meta-oe] [PATCH] phpmyadmin: CVE-2015-8669

Reply via email to