Bug 23010 - Backport Request: Update phpmyadmin to 4.8.0.1
Summary: Backport Request: Update phpmyadmin to 4.8.0.1
Status: RESOLVED WONTFIX
Alias: None
Product: Mageia
Classification: Unclassified
Component: Backports (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal enhancement
Target Milestone: ---
Assignee: Marc Krämer
QA Contact:
URL:
Whiteboard:
Keywords: Backport
Depends on:
Blocks:
 
Reported: 2018-05-09 12:20 CEST by Marc Krämer
Modified: 2018-05-13 11:20 CEST (History)
3 users (show)

See Also:
Source RPM: phpmyadmin-4.7.8-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description Marc Krämer 2018-05-09 12:20:02 CEST
As usual there are many fixes and security enhancements (no eval, no inline js).
Comment 1 Marja Van Waes 2018-05-09 22:49:01 CEST
(In reply to Marc Krämer from comment #0)
> As usual there are many fixes and security enhancements (no eval, no inline
> js).

Assignee: bugsquad => php
CC: (none) => lists.jjorge, luigiwalser, marja11

Marc Krämer 2018-05-10 00:41:27 CEST

Assignee: php => mageia

Comment 2 David Walser 2018-05-10 04:38:10 CEST
The security fix is for an issue that was introduced in 4.8.0, so an update for Mageia 6 isn't needed.
Comment 3 Marc Krämer 2018-05-10 15:33:18 CEST
true David. I should better put it in backports.
Comment 4 Marc Krämer 2018-05-11 13:57:48 CEST
phpmyadmin-4.8.0.1-2.mga6.src.rpm

Keywords: (none) => Backport
Severity: normal => enhancement
Component: RPM Packages => Backports
Summary: Update phpmyadmin to 4.8.0.1 => Backport Request: Update phpmyadmin to 4.8.0.1

Comment 5 Marc Krämer 2018-05-11 14:06:06 CEST
Suggested advisory:
========================

Backported phpmyadmin package to the latest release.

This backport has some security enhancements, as php does not need to have eval enabled. As all JS-inline scripts have been removed, it is save to turn on Content Security Policy for phpmyadmin, which adds additional protection against XSS vulnerabilities.


Updated packages in core/backports_testing:
========================
phpmyadmin-4.8.0.1-2.mga6.noarch.rpm

Source RPMs: 
phpmyadmin-4.8.0.1-2.mga6.src.rpm
Comment 6 Marc Krämer 2018-05-13 11:20:47 CEST
After some testing, I have to refuse my own backport request.

Resolution: (none) => WONTFIX
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.