Hello community, here is the log from the commit of package phpMyAdmin for openSUSE:Factory checked in at 2016-02-01 19:56:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpMyAdmin (Old) and /work/SRC/openSUSE:Factory/.phpMyAdmin.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "phpMyAdmin" Changes: -------- --- /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin.changes 2016-01-12 16:13:12.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin.changes 2016-02-01 19:56:55.000000000 +0100 @@ -1,0 +2,23 @@ +Sat Jan 30 08:43:24 UTC 2016 - ec...@opensuse.org + +- update to 4.5.4.1 (2016-01-28) + - gh#11892 Error with PMA 4.4.15.3 + - gh#11896 Remove hard dependency on phpseclib + +------------------------------------------------------------------- +Thu Jan 28 18:20:05 UTC 2016 - astie...@suse.com + +- phpMyAdmin 4.5.4 + The followinng vulnerabilities were fixed: (boo#964024) + * CVE-2016-2038: Multiple full path disclosure vulnerabilities + * CVE-2016-2039: Unsafe generation of XSRF/CSRF token + * CVE-2016-2040: Multiple XSS vulnerabilities + * CVE-2016-1927: Insecure password generation in JavaScript + * CVE-2016-2041: Unsafe comparison of XSRF/CSRF token + * CVE-2016-2042: Multiple full path disclosure vulnerabilities + * CVE-2016-2043: XSS vulnerability in normalization page + * CVE-2016-2044: Full path disclosure vulnerability in SQL parser + * CVE-2016-2045: XSS vulnerability in SQL editor +- update upstream singing keyring + +------------------------------------------------------------------- Old: ---- phpMyAdmin-4.5.3.1-all-languages.tar.xz phpMyAdmin-4.5.3.1-all-languages.tar.xz.asc New: ---- phpMyAdmin-4.5.4.1-all-languages.tar.xz phpMyAdmin-4.5.4.1-all-languages.tar.xz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin.spec ++++++ --- /var/tmp/diff_new_pack.dVZWcj/_old 2016-02-01 19:56:56.000000000 +0100 +++ /var/tmp/diff_new_pack.dVZWcj/_new 2016-02-01 19:56:56.000000000 +0100 @@ -29,7 +29,7 @@ %define ap_grp nogroup %endif Name: phpMyAdmin -Version: 4.5.3.1 +Version: 4.5.4.1 Release: 0 Summary: Administration of MySQL over the web License: GPL-2.0+ @@ -37,7 +37,8 @@ Url: https://www.phpMyAdmin.net/ Source0: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz Source1: https://files.phpmyadmin.net/phpMyAdmin/%{version}/%{name}-%{version}-all-languages.tar.xz.asc -Source2: %{name}.keyring +# http://docs.phpmyadmin.net/en/latest/setup.html#verifying-phpmyadmin-releases +Source2: https://files.phpmyadmin.net/phpmyadmin.keyring#/%{name}.keyring Source3: %{name}.http Source100: %{name}-rpmlintrc # Fix-SuSE: provide useful default config ++++++ phpMyAdmin-4.5.3.1-all-languages.tar.xz -> phpMyAdmin-4.5.4.1-all-languages.tar.xz ++++++ ++++ 5860 lines of diff (skipped) ++++++ phpMyAdmin.keyring ++++++ ++++ 8175 lines (skipped) ++++ between phpMyAdmin.keyring ++++ and /work/SRC/openSUSE:Factory/.phpMyAdmin.new/phpMyAdmin.keyring