23010 – Backport Request: Update phpmyadmin to 4.8.0.1

Bug 23010 - Backport Request: Update phpmyadmin to 4.8.0.1

Summary: Backport Request: Update phpmyadmin to 4.8.0.1

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Backports (show other bugs)
Version:	6
Hardware:	All Linux

Priority:	Normal Severity: enhancement
Target Milestone:	---
Assignee:	Marc Krämer
QA Contact:

URL:
Whiteboard:
Keywords:	Backport

Depends on:
Blocks:

Reported:	2018-05-09 12:20 CEST by Marc Krämer
Modified:	2018-05-13 11:20 CEST (History)
CC List:	3 users (show)

See Also:
Source RPM:	phpmyadmin-4.7.8-1.mga6.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Marc Krämer 2018-05-09 12:20:02 CEST

As usual there are many fixes and security enhancements (no eval, no inline js).

Comment 1 Marja Van Waes 2018-05-09 22:49:01 CEST

(In reply to Marc Krämer from comment #0)
> As usual there are many fixes and security enhancements (no eval, no inline
> js).

CC: (none) => lists.jjorge, luigiwalser, marja11
Assignee: bugsquad => php

Marc Krämer 2018-05-10 00:41:27 CEST

Assignee: php => mageia

Comment 2 David Walser 2018-05-10 04:38:10 CEST

The security fix is for an issue that was introduced in 4.8.0, so an update for Mageia 6 isn't needed.

Comment 3 Marc Krämer 2018-05-10 15:33:18 CEST

true David. I should better put it in backports.

Comment 4 Marc Krämer 2018-05-11 13:57:48 CEST

phpmyadmin-4.8.0.1-2.mga6.src.rpm

Keywords: (none) => Backport
Severity: normal => enhancement
Summary: Update phpmyadmin to 4.8.0.1 => Backport Request: Update phpmyadmin to 4.8.0.1
Component: RPM Packages => Backports

Comment 5 Marc Krämer 2018-05-11 14:06:06 CEST

Suggested advisory:
========================

Backported phpmyadmin package to the latest release.

This backport has some security enhancements, as php does not need to have eval enabled. As all JS-inline scripts have been removed, it is save to turn on Content Security Policy for phpmyadmin, which adds additional protection against XSS vulnerabilities.


Updated packages in core/backports_testing:
========================
phpmyadmin-4.8.0.1-2.mga6.noarch.rpm

Source RPMs: 
phpmyadmin-4.8.0.1-2.mga6.src.rpm

Comment 6 Marc Krämer 2018-05-13 11:20:47 CEST

After some testing, I have to refuse my own backport request.

Status: NEW => RESOLVED
Resolution: (none) => WONTFIX

Note You need to log in before you can comment on or make changes to this bug.