Re: phpMyAdmin: security bugs
Hello Paul, On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! you noticed, that you pushed yet another version of phpMyAdmin with a *.swf file that is somehow proprietary because we do not build the *.swf from source? I as the package maintainer of phpMyAdmin would have expected that you also are getting in touch with me at all - I can not find any e-mail in my mailbox from you... :-( Anyway, thank you for solving this security issue. And also thank you that you were the guy uploading and building package - after all the package owners/maintainers were noticed about *.swf files in their packages... ;-) On the other hand, I would like to ask you to revisit e.g. RHBZ#959946 [1] before asking others to step up as maintainers for phpMyAdmin. So there is enough work left, before any other (especially non-security) phpMyAdmin update should happen. [1] https://bugzilla.redhat.com/show_bug.cgi?id=959946 Greetings, Robert pgpclRLKj0mc7.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sat, 19 Oct 2013, Reindl Harald wrote: and as user i am asking you as phpMyAdmin maintainer why are you not keep the package up-to-date - they have a mailing list with release announcements, however i maintain my personal one It would make more sense to help *solving* the open issues rather just complaining - I did lots of phpMyAdmin security updates so far over the years and it was not less as you surely know. And as you obviously have packaging knowledge, I ask you to actively help - and only not removing phpMyAdmin functionalities, translations and features...because this is what your posted *.spec file is actually doing, sorry. Greetings, Robert pgp4zWylBmWjQ.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sáb, 2013-10-19 at 22:04 +0200, Robert Scheck wrote: On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! I use often and for me is an essential tool, I wish be maintainer of the package , I already requested commit permissions in acls , but nothing happen until now . Thanks, -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Hello Sérgio, On Sat, 19 Oct 2013, Sérgio Basto wrote: I use often and for me is an essential tool, I wish be maintainer of the package , I already requested commit permissions in acls , but nothing happen until now . can you please provide any patches for review (e.g. via RHBZ) before just applying for maintainship? Except for Remi Collet (packaging tcpdf) and Anshu Prateek (flashcanvas), nobody contacted me directly or indirectly - nor did I get any real help (like patch suggestions) so far. Again, the phpMyAdmin to 4.0.x is not just bumping the version number to 4.0.x as everybody seems to expect. Unfortunately phpMyAdmin bundles some more libraries nowadays and the *.swf issue was introduced by accident in former times, see also RHBZ#959946 for a list of bundled libraries. Greetings, Robert pgpUjDIF_j2RL.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Hello, On Sat, 19 Oct 2013, Reindl Harald wrote: what is needed to be resolved? my SPEC file is removing all the things i do not need and not things with bugs to solve - the reason why i build it myself honestly since years is that the fedora packages are way too often outdated if you would be fair and compare my GIT commit or the Fedora Bodhi update timestamps, you would note that this is not true, neither for Fedora, nor for Fedora EPEL. The update of phpMyAdmin happened usually between a few less minutes after the upstream announcement or at latest a few less days after. Neither nor can be IMHO treated as often outdated. If you complain that the package usually takes 7-14 days to enter Fedora stable repository, then you are right. But I also can not remember, that you *ever* added some karma in Bodhi for phpMyAdmin. Nor can I remember that you ever filed a RHBZ complaining about a non up-to-date phpMyAdmin. Please think about that...before complaining about my efforts over years now. the rpm-SPEC does not more and not less than package the upstream source in a rpmpackage as it is Just have a look to your rm(1) calls: Some of the stuff that you are just removing for your own package needs to be unbundled for Fedora. And that means that these libraries/software need to be packaged as own RPMs. And crippling phpMyAdmin by just removing functionalities does not help users, too. Users are using phpMyAdmin due its tons of functionalities like the PDF export for example. Greetings, Robert pgpDtqbZazegT.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Am 19.10.2013 22:27, schrieb Robert Scheck: On Sat, 19 Oct 2013, Reindl Harald wrote: and as user i am asking you as phpMyAdmin maintainer why are you not keep the package up-to-date - they have a mailing list with release announcements, however i maintain my personal one It would make more sense to help *solving* the open issues rather just complaining - I did lots of phpMyAdmin security updates so far over the years and it was not less as you surely know. And as you obviously have packaging knowledge, I ask you to actively help - and only not removing phpMyAdmin functionalities, translations and features...because this is what your posted *.spec file is actually doing, sorry. what is needed to be resolved? my SPEC file is removing all the things i do not need and not things with bugs to solve - the reason why i build it myself honestly since years is that the fedora packages are way too often outdated the rpm-SPEC does not more and not less than package the upstream source in a rpmpackage as it is signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Am 19.10.2013 22:04, schrieb Robert Scheck: On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! you noticed, that you pushed yet another version of phpMyAdmin with a *.swf file that is somehow proprietary because we do not build the *.swf from source? I as the package maintainer of phpMyAdmin would have expected that you also are getting in touch with me at all - I can not find any e-mail in my mailbox from you... :-( and as user i am asking you as phpMyAdmin maintainer why are you not keep the package up-to-date - they have a mailing list with release announcements, however i maintain my personal one Jan 15 17:36:37 Updated: phpMyAdmin-3.5.5-2.fc18.20130115.rh.noarch Jan 26 21:22:55 Updated: phpMyAdmin-3.5.5-2.fc18.20130126.rh.noarch Jan 28 14:11:30 Updated: phpMyAdmin-3.5.6-2.fc18.20130128.rh.noarch Jan 28 14:43:24 Updated: phpMyAdmin-3.5.6-4.fc18.20130128.rh.noarch Feb 15 20:39:55 Updated: phpMyAdmin-3.5.7-4.fc18.20130215.rh.noarch Mar 01 14:41:13 Installed: phpMyAdmin-3.5.7-4.fc18.20130215.rh.noarch Mar 19 23:04:15 Updated: phpMyAdmin-3.5.7-5.fc18.20130319.rh.noarch Mar 21 16:06:14 Updated: phpMyAdmin-3.5.7-5.fc18.20130321.rh.noarch Apr 06 23:51:41 Updated: phpMyAdmin-3.5.7-6.fc18.20130406.rh.noarch Apr 06 23:58:09 Updated: phpMyAdmin-3.5.7-7.fc18.20130406.rh.noarch Apr 07 00:00:53 Updated: phpMyAdmin-3.5.7-10.fc18.20130407.rh.noarch Apr 07 00:03:49 Updated: phpMyAdmin-3.5.7-11.fc18.20130407.rh.noarch Apr 08 14:36:14 Updated: phpMyAdmin-3.5.8-2.fc18.20130408.rh.noarch Apr 20 01:16:35 Updated: phpMyAdmin-3.5.8-2.fc18.20130420.rh.noarch Apr 24 22:13:58 Updated: phpMyAdmin-3.5.8.1-2.fc18.20130424.rh.noarch May 04 18:15:22 Updated: phpMyAdmin-4.0.0-4.fc18.20130504.rh.noarch May 04 20:14:16 Updated: phpMyAdmin-4.0.0-5.fc18.20130504.rh.noarch May 05 15:15:38 Updated: phpMyAdmin-4.0.0-10.fc18.20130505.rh.noarch May 05 20:05:06 Updated: phpMyAdmin-4.0.0-11.fc18.20130505.rh.noarch May 05 20:13:59 Updated: phpMyAdmin-4.0.0-12.fc18.20130505.rh.noarch May 05 20:22:20 Updated: phpMyAdmin-4.0.0-13.fc18.20130505.rh.noarch May 05 20:25:53 Updated: phpMyAdmin-4.0.0-14.fc18.20130505.rh.noarch May 05 20:31:02 Updated: phpMyAdmin-4.0.0-15.fc18.20130505.rh.noarch May 05 20:56:06 Updated: phpMyAdmin-4.0.0-16.fc18.20130505.rh.noarch May 07 13:47:48 Updated: phpMyAdmin-4.0.0-17.fc18.20130507.rh.noarch May 11 01:13:13 Updated: phpMyAdmin-4.0.0-17.fc18.20130511.rh.noarch May 15 14:33:36 Updated: phpMyAdmin-4.0.1-5.fc18.20130515.rh.noarch May 25 02:19:13 Updated: phpMyAdmin-4.0.2-5.fc18.20130525.rh.noarch May 26 03:05:50 Updated: phpMyAdmin-4.0.2-5.fc18.20130526.rh.noarch Jun 05 13:06:11 Updated: phpMyAdmin-4.0.3-2.fc18.20130605.rh.noarch Jun 17 22:22:46 Updated: phpMyAdmin-4.0.4-2.fc18.20130617.rh.noarch Jun 30 01:39:34 Updated: phpMyAdmin-4.0.4-2.fc18.20130630.rh.noarch Jun 30 20:25:20 Updated: phpMyAdmin-4.0.4.1-2.fc18.20130630.rh.noarch Jul 08 20:45:15 Updated: phpMyAdmin-4.0.4.1-3.fc18.20130708.rh.noarch Jul 14 11:40:29 Installed: phpMyAdmin-4.0.4.1-3.fc18.20130708.rh.noarch Jul 28 20:11:25 Updated: phpMyAdmin-4.0.4.2-2.fc18.20130728.rh.noarch Jul 29 13:27:10 Updated: phpMyAdmin-4.0.4.2-2.fc18.20130729.rh.noarch Aug 04 12:58:08 Updated: phpMyAdmin-4.0.5-3.fc18.20130804.rh.noarch Sep 10 14:38:33 Updated: phpMyAdmin-4.0.5-3.fc19.20130804.rh.noarch Sep 11 16:44:40 Updated: phpMyAdmin-4.0.5-3.fc19.20130911.rh.noarch Sep 15 14:36:45 Updated: phpMyAdmin-4.0.5-3.fc19.20130915.rh.noarch Sep 17 15:42:33 Updated: phpMyAdmin-4.0.6-3.fc19.20130917.rh.noarch Sep 19 23:30:40 Updated: phpMyAdmin-4.0.6-3.fc19.20130919.rh.noarch Sep 24 10:01:39 Updated: phpMyAdmin-4.0.7-3.fc19.20130924.rh.noarch Sep 28 03:40:35 Updated: phpMyAdmin-4.0.7-3.fc19.20130928.rh.noarch Sep 28 04:02:11 Updated: phpMyAdmin-4.0.7-4.fc19.20130928.rh.noarch Sep 28 12:22:37 Installed: phpMyAdmin-4.0.7-4.fc19.20130928.rh.noarch Sep 28 12:23:35 Installed: phpMyAdmin-4.0.7-4.fc19.20130928.rh.noarch Sep 28 12:43:21 Updated: phpMyAdmin-4.0.7-5.fc19.20130928.rh.noarch Sep 28 12:48:41 Installed: phpMyAdmin-4.0.7-5.fc19.20130928.rh.noarch Sep 28 12:49:30 Installed: phpMyAdmin-4.0.7-5.fc19.20130928.rh.noarch Sep 28 12:53:44 Updated: phpMyAdmin-4.0.7-6.fc19.20130928.rh.noarch Sep 28 12:55:13 Installed: phpMyAdmin-4.0.7-6.fc19.20130928.rh.noarch Oct 06 16:25:37 Updated: phpMyAdmin-4.0.8-2.fc19.20131006.rh.noarch Oct 06 20:58:52 Updated: phpMyAdmin-4.0.8-3.fc19.20131006.rh.noarch Oct 06 21:01:07 Installed: phpMyAdmin-4.0.8-3.fc19.20131006.rh.noarch Oct 15 11:28:20 Updated: phpMyAdmin-4.0.8-3.fc19.20131015.rh.noarch Oct 16 21:30:12 Updated: phpMyAdmin-4.0.8-3.fc19.20131016.rh.noarch Oct 17 21:44:23 Updated: phpMyAdmin-4.0.8-3.fc19.20131017.rh.noarch Oct 19 22:13:09 Updated: phpMyAdmin-4.0.8-3.fc19.20131019.rh.noarch [builduser@testserver:/rpmbuild/SPECS]$ cat phpMyAdmin.spec Name: phpMyAdmin Version: 4.0.8 Release: 3%{?dist}
Re: phpMyAdmin: security bugs
On Sáb, 2013-10-19 at 22:45 +0200, Robert Scheck wrote: Hello Sérgio, On Sat, 19 Oct 2013, Sérgio Basto wrote: I use often and for me is an essential tool, I wish be maintainer of the package , I already requested commit permissions in acls , but nothing happen until now . can you please provide any patches for review (e.g. via RHBZ) before just applying for maintainship? Except for Remi Collet (packaging tcpdf) and Anshu Prateek (flashcanvas), nobody contacted me directly or indirectly - nor did I get any real help (like patch suggestions) so far. Hi, I could help , where I wrote about bundles of tcpdf made by Remi ? I don't find it ! you already have a propose to update to 4.0.x in http://anshprat.fedorapeople.org/rhbz959946/c12/ Again, the phpMyAdmin to 4.0.x is not just bumping the version number to 4.0.x as everybody seems to expect. Unfortunately phpMyAdmin bundles some more libraries nowadays and the *.swf issue was introduced by accident in former times, see also RHBZ#959946 for a list of bundled libraries. -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sáb, 2013-10-19 at 22:16 +0200, Reindl Harald wrote: Am 19.10.2013 22:04, schrieb Robert Scheck: On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! you noticed, that you pushed yet another version of phpMyAdmin with a *.swf file that is somehow proprietary because we do not build the *.swf from source? I as the package maintainer of phpMyAdmin would have expected that you also are getting in touch with me at all - I can not find any e-mail in my mailbox from you... :-( and as user i am asking you as phpMyAdmin maintainer why are you not keep the package up-to-date - they have a mailing list with release announcements, however i maintain my personal one Hi, could you post or send to me a src.rpm of your updated packaged ? please ! Thanks, -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sáb, 2013-10-19 at 22:23 +0100, Sérgio Basto wrote: On Sáb, 2013-10-19 at 22:45 +0200, Robert Scheck wrote: Hello Sérgio, On Sat, 19 Oct 2013, Sérgio Basto wrote: I use often and for me is an essential tool, I wish be maintainer of the package , I already requested commit permissions in acls , but nothing happen until now . can you please provide any patches for review (e.g. via RHBZ) before just applying for maintainship? Except for Remi Collet (packaging tcpdf) and Anshu Prateek (flashcanvas), nobody contacted me directly or indirectly - nor did I get any real help (like patch suggestions) so far. Hi, I could help , where I wrote about bundles of tcpdf made by Remi ? I don't find it ! I found it https://bugzilla.redhat.com/show_bug.cgi?id=548260 you already have a propose to update to 4.0.x in http://anshprat.fedorapeople.org/rhbz959946/c12/ Again, the phpMyAdmin to 4.0.x is not just bumping the version number to 4.0.x as everybody seems to expect. Unfortunately phpMyAdmin bundles some more libraries nowadays and the *.swf issue was introduced by accident in former times, see also RHBZ#959946 for a list of bundled libraries. -- Sérgio M. B. -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Am 19.10.2013 23:26, schrieb Sérgio Basto: On Sáb, 2013-10-19 at 22:16 +0200, Reindl Harald wrote: Am 19.10.2013 22:04, schrieb Robert Scheck: On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! you noticed, that you pushed yet another version of phpMyAdmin with a *.swf file that is somehow proprietary because we do not build the *.swf from source? I as the package maintainer of phpMyAdmin would have expected that you also are getting in touch with me at all - I can not find any e-mail in my mailbox from you... :-( and as user i am asking you as phpMyAdmin maintainer why are you not keep the package up-to-date - they have a mailing list with release announcements, however i maintain my personal one Hi, could you post or send to me a src.rpm of your updated packaged? not really because it contains distributed configurations and no longer confignoreplace files, but earlier in the thread i posted my SPEC i decided long ago to strip down the package and include our configurations using php_uname() to have a config.inc.php for all servers which behaves correctly and allows root only from specific IP addresses signature.asc Description: OpenPGP digital signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
Hello Sérgio, On Sat, 19 Oct 2013, Sérgio Basto wrote: you already have a propose to update to 4.0.x in http://anshprat.fedorapeople.org/rhbz959946/c12/ do not only read https://bugzilla.redhat.com/show_bug.cgi?id=959946#c12 but also the other comments below - please. Greetings, Robert pgp3I7xdiLQxK.pgp Description: PGP signature -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sat, 19 Oct 2013, Robert Scheck wrote: On Wed, 09 Oct 2013, Paul Wouters wrote: I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! you noticed, that you pushed yet another version of phpMyAdmin with a *.swf file that is somehow proprietary because we do not build the *.swf from source? I as the package maintainer of phpMyAdmin would have expected that you also are getting in touch with me at all - I can not find any e-mail in my mailbox from you... :-( I'd have to check if I mailed you. I did post publicly to the devel list. All I did was bump the release a minor number and some sanity checks and put it in updates-testing for people to test. I would assume the maintainer would notice this in a couple of days. If you are making changes from the original source ball, you should really make a note of that in the spec file so others are aware of this. Look at the openssl tarball for an example of how to store modified from upstream tar balls into the fedora repository. The tarball is renamed to clearly indicate it is modified from upstream. Anyway, thank you for solving this security issue. And also thank you that you were the guy uploading and building package - after all the package owners/maintainers were noticed about *.swf files in their packages... ;-) But it still took 10 days for you to notice? phpMyAdmin is unfortunately not very robust yet deployed everywhere without additional .htaccess around it. It's often abused for compromising servers. On the other hand, I would like to ask you to revisit e.g. RHBZ#959946 [1] before asking others to step up as maintainers for phpMyAdmin. So there is enough work left, before any other (especially non-security) phpMyAdmin update should happen. I was under the impression the maintainer was MIA. What I meant to convey was I'm not a good maintainer for this package, because I don't use it. So I was mostly saying I do not wish to be the maintainer. And I was surely not going to bump the major version in a package that I do not deploy in production (anymore) myself. So please interpret my request as only to signifiy that I did not want to be a maintainer. Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Sáb, 2013-10-19 at 23:49 +0200, Robert Scheck wrote: Hello Sérgio, On Sat, 19 Oct 2013, Sérgio Basto wrote: you already have a propose to update to 4.0.x in http://anshprat.fedorapeople.org/rhbz959946/c12/ do not only read https://bugzilla.redhat.com/show_bug.cgi?id=959946#c12 but also the other comments below - please. Yeah , I see that we have work in progress, lots of work and you are not stopped. My mistake, by impression of the list of related bugs with phpMyAdmin. Yours SecurityTracking bugs are a cool feature, but looks as an open bug :) . Shouldn't be closed ? when all blockers are closed, and reopened when a new security ticket is opened . Thanks and best regards, -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Tue, 8 Oct 2013, Sérgio Basto wrote: 3.5.8.2 was released time ago with several bugs fixed: http://bugzilla.redhat.com/959946 Current version in Fedora Rawhide: 3.5.8.1 Welcome to phpMyAdmin 3.5.8.2, a security release. I updated all branches in fedora and epel to 3.5.8.2. These are now in updates-testing. Please test and give karma so we can push this into stable. Well bug says phpMyAdmin-4.0.8 is available, I think we need a new maintainer ... I'm not a really user of phpMyAdmin so if someone who actually uses this package wishes to take maintainership, please do! Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
phpMyAdmin: security bugs
hi, 3.5.8.2 was released time ago with several bugs fixed: http://bugzilla.redhat.com/959946 Current version in Fedora Rawhide: 3.5.8.1 Welcome to phpMyAdmin 3.5.8.2, a security release. 3.5.8.2 (2013-07-28) - [security] Fix self-XSS in Showing rows, see PMASA-2013-8 - [security] Fix self-XSS in Display chart, see PMASA-2013-9 - [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 - [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 - [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 + [security] JSON content type header for version_check.php, see PMASA-2013-9 + [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9 + [security] Fix full path disclosure, see PMASA-2013-12 + [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15 + [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15 - [security] Fix self-XSS in schema export, see PMASA-2013-14 - [security] Fix unencoded json object, see PMASA-2013-11 -thanks- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Re: phpMyAdmin: security bugs
On Ter, 2013-10-08 at 21:02 +0200, Xose Vazquez Perez wrote: hi, 3.5.8.2 was released time ago with several bugs fixed: http://bugzilla.redhat.com/959946 Current version in Fedora Rawhide: 3.5.8.1 Welcome to phpMyAdmin 3.5.8.2, a security release. Well bug says phpMyAdmin-4.0.8 is available, I think we need a new maintainer ... -- Sérgio M. B. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct