Upstream has released new versions on January 23:
https://www.phpmyadmin.net/news/2017/1/23/phpmyadmin-466-441510-and-401019-are-released/

Several security issues have been fixed yet again, but CVEs are still pending.

Freeze push requested for Cauldron.
Updated package uploaded for Mageia 5.
Advisory to come later.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=12834#c7
https://bugs.mageia.org/show_bug.cgi?id=14208#c6

References:
https://www.phpmyadmin.net/security/PMASA-2017-1/
https://www.phpmyadmin.net/security/PMASA-2017-2/
https://www.phpmyadmin.net/security/PMASA-2017-3/
https://www.phpmyadmin.net/security/PMASA-2017-4/
https://www.phpmyadmin.net/security/PMASA-2017-6/
https://www.phpmyadmin.net/security/PMASA-2017-7/
https://www.phpmyadmin.net/files/4.4.15.10/
https://www.phpmyadmin.net/news/2017/1/23/phpmyadmin-466-441510-and-401019-are-released/

Source RPM: phpmyadmin-4.4.5.10-1.mga5.src.rpm
Whiteboard: (none) => has_procedure
Testing 5_64
phpmyadmin-4.4.15.10-1.mga5 [NOT 4.4.5.10-1]

Used the https://bugs.mageia.org/show_bug.cgi?id=14208#c6 procedure, part (C) only as I already had this installed & configured. Used Firefox.
Used phpmyadmin additionally to look at a few existing tables in other databases.
No problems noted, OK.

[In fact I had a problem probably associated with use of phpmyadmin: As root, I created a test user on '%' (all hosts), logged out; and tried - but failed - to login as that test user. Had to login again as root to do the subsequent manipulations.]
Whiteboard: has_procedure => has_procedure MGA5664-OK
CC: (none) => lewyssmith
Whiteboard: has_procedure MGA5664-OK => has_procedure MGA5-64-OK
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.9-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.28-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.10-1.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02
CC: (none) => wilcal.int
Whiteboard: has_procedure MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
(In reply to David Walser from comment #0)
> Advisory to come later.
When you are able to, David. TIA
Removing the validated_update keyword until there is an advisory available in this bugzilla report, to be added to svn, so it won't interfere with the script used to push validated updates.
CC: (none) => davidwhodgins
Keywords: validated_update => (none)
It doesn't interfere with the script, it just skips over it. The only time it'd be a problem would be if there was an old advisory in SVN that needed to be updated. Having it validated makes it stand out more that I need to add an advisory.
Keywords: (none) => validated_update
Ah. Ok. I was under the impression it did. Thanks for the clarification.
Advisory:
========================

Updated phpmyadmin package fixes security vulnerabilities:

Multiple vulnerabilities in setup script (CVE-2016-6621 / PMASA-2016-44).
Open redirect (PMASA-2017-1).
php-gettext code execution (CVE-2015-8980 / PMASA-2017-2).
DOS vulnerability in table editing (PMASA-2017-3).
CSS injection in themes (PMASA-2017-4).
SSRF in replication (PMASA-2017-6).
DOS in replication status (PMASA-2017-7).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8980
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6621
https://www.phpmyadmin.net/security/PMASA-2016-44/
https://www.phpmyadmin.net/security/PMASA-2017-1/
https://www.phpmyadmin.net/security/PMASA-2017-2/
https://www.phpmyadmin.net/security/PMASA-2017-3/
https://www.phpmyadmin.net/security/PMASA-2017-4/
https://www.phpmyadmin.net/security/PMASA-2017-6/
https://www.phpmyadmin.net/security/PMASA-2017-7/
https://www.phpmyadmin.net/files/4.4.15.10/
https://www.phpmyadmin.net/news/2017/1/23/phpmyadmin-466-441510-and-401019-are-released/
https://lists.opensuse.org/opensuse-updates/2017-02/msg00015.html
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0038.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED
URL: (none) => https://lwn.net/Vulnerabilities/713569/