phpMyAdmin 4.8.4 has been released on December 11, fixing security issues:
Mageia 6 is also affected.
yepp, but phpmyadmin >4.8.0 only supports php >7
I'll have to look if we can adapt the patches...
ok, I'll patch CVE-2018-19970, CVE-2018-19968, waiting for admins to remove testpackage of 4.8.3 from updates testing.
Patched phpmyadmin packages to fix security vulnerabilities:
- XSS vulnerability in navigation tree was discovered
- Local file inclusion through transformation feature
Updated packages in core/updates_testing:
MGA6-32 MATE on IBM Thinkpad R50e
No installation issues.
Checked httpd and mysqld are running.
Point to http://localhost/phpmyadmin/ , delete previous test database, create a new one, create a new table in it.
Closed phpmyadmin and opened it again. All OK.
Thanks yet again, Herman. Validating; & advisory from comment 3.
An update for this issue has been pushed to the Mageia Updates repository.