phpMyAdmin 4.8.4 has been released on December 11, fixing security issues: https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/ https://www.phpmyadmin.net/security/PMASA-2018-6/ https://www.phpmyadmin.net/security/PMASA-2018-7/ https://www.phpmyadmin.net/security/PMASA-2018-8/ Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
yepp, but phpmyadmin >4.8.0 only supports php >7 I'll have to look if we can adapt the patches...
CC: (none) => mageia
ok, I'll patch CVE-2018-19970, CVE-2018-19968, waiting for admins to remove testpackage of 4.8.3 from updates testing.
Patched phpmyadmin packages to fix security vulnerabilities: - XSS vulnerability in navigation tree was discovered - Local file inclusion through transformation feature References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19970 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19968 https://www.phpmyadmin.net/security/PMASA-2018-6/ https://www.phpmyadmin.net/security/PMASA-2018-8/ ======================== Updated packages in core/updates_testing: ======================== phpmyadmin-4.7.8-3.mga6.noarch.rpm Source RPMs: phpmyadmin-4.7.8-3.mga6.src.rpm
Version: Cauldron => 6Whiteboard: MGA6TOO => (none)Assignee: php => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e No installation issues. Checked httpd and mysqld are running. Point to http://localhost/phpmyadmin/ , delete previous test database, create a new one, create a new table in it. Closed phpmyadmin and opened it again. All OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Thanks yet again, Herman. Validating; & advisory from comment 3.
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2018-0486.html
Status: NEW => RESOLVEDResolution: (none) => FIXED