| Summary: | Backport Request: Update phpmyadmin to 4.8.0.1 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Marc Krämer <mageia> |
| Component: | Backports | Assignee: | Marc Krämer <mageia> |
| Status: | RESOLVED WONTFIX | QA Contact: | |
| Severity: | enhancement | ||
| Priority: | Normal | CC: | lists.jjorge, luigiwalser, marja11 |
| Version: | 6 | Keywords: | Backport |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | phpmyadmin-4.7.8-1.mga6.src.rpm | CVE: | |
| Status comment: | |||
|
Description
Marc Krämer
2018-05-09 12:20:02 CEST
(In reply to Marc Krämer from comment #0) > As usual there are many fixes and security enhancements (no eval, no inline > js). CC:
(none) =>
lists.jjorge, luigiwalser, marja11
Marc Krämer
2018-05-10 00:41:27 CEST
Assignee:
php =>
mageia The security fix is for an issue that was introduced in 4.8.0, so an update for Mageia 6 isn't needed. true David. I should better put it in backports. phpmyadmin-4.8.0.1-2.mga6.src.rpm Keywords:
(none) =>
Backport Suggested advisory: ======================== Backported phpmyadmin package to the latest release. This backport has some security enhancements, as php does not need to have eval enabled. As all JS-inline scripts have been removed, it is save to turn on Content Security Policy for phpmyadmin, which adds additional protection against XSS vulnerabilities. Updated packages in core/backports_testing: ======================== phpmyadmin-4.8.0.1-2.mga6.noarch.rpm Source RPMs: phpmyadmin-4.8.0.1-2.mga6.src.rpm After some testing, I have to refuse my own backport request. Status:
NEW =>
RESOLVED |