Upstream has released version 4.7.0 on March 29:
https://www.phpmyadmin.net/news/2017/3/29/phpmyadmin-470-released/

It fixes one security issue:
https://www.phpmyadmin.net/security/PMASA-2017-8/

In Cauldron it should be updated to 4.7.0, since 4.6.x is no longer supported. In Mageia 5, it can probably be patched (commit links for the security fix are in the PMASA).
Whiteboard: (none) => MGA5TOO
4.7.0 gone to cauldron, now this bug is about MGA5. I have rediffed the patch for version 4.0.

Suggested Advisory:
========================

Updated phpmyadmin package fixes security vulnerability:

A vulnerability was discovered where the restrictions caused by $cfg['Servers'][$i]['AllowNoPassword'] = false are bypassed under certain PHP versions. This can allow the login of users who have no password set even if the administrator has set $cfg['Servers'][$i]['AllowNoPassword'] to false (which is also the default).

https://www.phpmyadmin.net/security/PMASA-2017-8/

Updated packages in core/updates_testing:
========================

phpmyadmin-4.4.15.10-2.mga5

from phpmyadmin-4.4.15.10-2.mga5.src.rpm

Status: NEW => ASSIGNED
CC: (none) => lists.jjorge
Version: Cauldron => 5
Assignee: lists.jjorge => qa-bugs
Whiteboard: MGA5TOO => (none)
Couldn't figure out how to recreate the issue with 4.4.15.10-1, so just testing that the update installs cleanly, and adding and dropping SQL objects with the updated phpmyadmin works. Validating the update.

Keywords: (none) => validated_update
Whiteboard: (none) => advisory MGA5-64-OK MGA5-32-OK
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0100.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED