FEDORA-EPEL-2016-2a457c3d5b created by robert 3 years ago for Fedora EPEL 5
stable

phpMyAdmin 4.0.10.14 (2016-01-29)

  • Error with PMA 4.0.10.13 with PHP 5.2

phpMyAdmin 4.0.10.13 (2016-01-28)

  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  • [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  • [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  • [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  • [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
This update has been submitted for testing by robert. 3 years ago
User Icon nijel provided feedback 3 years ago
karma
User Icon robert commented & provided feedback 3 years ago

nijel, RHEL/CentOS 5 ships PHP >= 5.3. May you please explain why you reference a PHP 5.2 related issue here without any further comment?

User Icon nijel commented & provided feedback 3 years ago

There will be soon followup release fixing that, so it might be good idea to postpone testing and wait for it...

robert edited this update. 3 years ago
robert edited this update. New build(s): - phpMyAdmin4-4.0.10.14-1.el5 Removed build(s): - phpMyAdmin4-4.0.10.13-1.el5 3 years ago
This update has been submitted for testing by robert. 3 years ago
This update has been pushed to testing. 3 years ago
This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes 3 years ago
This update has been submitted for stable by robert. 3 years ago
This update has been pushed to stable. 3 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Dates
submitted
3 years ago
in testing
3 years ago
in stable
3 years ago
modified
3 years ago
BZ#1302676 CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
0
0
BZ#1302677 CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
0
0
BZ#1302679 CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
0
0
BZ#1302680 CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
0
0
BZ#1302681 CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
0
0
BZ#1302791 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all]
0
0

Automated Test Results