| Summary: | phpmyadmin new security issues fixed upstream in 4.4.15.10 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | davidwhodgins, lewyssmith, sysadmin-bugs, wilcal.int |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://lwn.net/Vulnerabilities/713569/ | ||
| Whiteboard: | has_procedure MGA5-32-OK MGA5-64-OK advisory | ||
| Source RPM: | phpmyadmin-4.4.15.9-1.mga5.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2017-01-24 12:00:22 CET
David Walser
2017-01-24 12:00:37 CET
Whiteboard:
(none) =>
has_procedure

Testing 5_64 phpmyadmin-4.4.15.10-1.mga5 [NOT 4.4.5.10-1]

Used the https://bugs.mageia.org/show_bug.cgi?id=14208#c6 procedure, part (C) only as I already had this installed & configured. Used Firefox. Used phpmyadmin additionally to look at a few existing tables in other databases. No problems noted, OK.

[In fact I had a problem probably associated with use of phpmyadmin: As root, I created a test user on '%' (all hosts), logged out; and tried - but failed - to login as that test user. Had to login again as root to do the subsequent manipulations.]

Whiteboard:
has_procedure =>
has_procedure MGA5664-OK
Lewis Smith
2017-01-28 09:43:24 CET
Whiteboard:
has_procedure MGA5664-OK =>
has_procedure MGA5-64-OK

In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.9-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.10-1.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02

CC:
(none) =>
wilcal.int
William Kenney
2017-01-31 19:19:16 CET
Whiteboard:
has_procedure MGA5-64-OK =>
has_procedure MGA5-32-OK MGA5-64-OK

This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

CC:
(none) =>
sysadmin-bugs

(In reply to David Walser from comment #0)
> Advisory to come later.

When you are able to, David. TIA

Removing the validated_update keyword until there is an advisory available in this bugzilla report, to be added to svn, so it won't interfere with the script used to push validated updates.

CC:
(none) =>
davidwhodgins

It doesn't interfere with the script, it just skips over it. The only time it'd be a problem would be if there was an old advisory in SVN that needed to be updated.

Having it validated makes it stand out more that I need to add an advisory.

Keywords:
(none) =>
validated_update

Ah. Ok. I was under the impression it did. Thanks for the clarification.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerabilities:

Multiple vulnerabilities in setup script (CVE-2016-6621 / PMASA-2016-44).

Open redirect (PMASA-2017-1).

php-gettext code execution (CVE-2015-8980 / PMASA-2017-2).

DOS vulnerability in table editing (PMASA-2017-3).

CSS injection in themes (PMASA-2017-4).

SSRF in replication (PMASA-2017-6).

DOS in replication status (PMASA-2017-7).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8980
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621
https://www.phpmyadmin.net/security/PMASA-2016-44/
https://www.phpmyadmin.net/security/PMASA-2017-1/
https://www.phpmyadmin.net/security/PMASA-2017-2/
https://www.phpmyadmin.net/security/PMASA-2017-3/
https://www.phpmyadmin.net/security/PMASA-2017-4/
https://www.phpmyadmin.net/security/PMASA-2017-6/
https://www.phpmyadmin.net/security/PMASA-2017-7/
https://www.phpmyadmin.net/files/4.4.15.10/
https://www.phpmyadmin.net/news/2017/1/23/phpmyadmin-466-441510-and-401019-are-released/
https://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html
Lewis Smith
2017-02-03 20:55:51 CET
Whiteboard:
has_procedure MGA5-32-OK MGA5-64-OK =>
has_procedure MGA5-32-OK MGA5-64-OK advisory

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0038.html

Resolution:
(none) =>
FIXED
David Walser
2017-02-04 16:28:48 CET
URL:
(none) =>
https://lwn.net/Vulnerabilities/713569/