phpMyAdmin 4.9.4 has been released today (January 8), fixing some regressions in the last update as well as a new security issue: https://www.phpmyadmin.net/news/2020/1/8/phpmyadmin-494-and-501-are-released/ https://www.phpmyadmin.net/security/PMASA-2020-1/
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. References: https://www.phpmyadmin.net/news/2020/1/8/phpmyadmin-494-and-501-are-released/ https://www.phpmyadmin.net/security/PMASA-2020-1/ ======================== Updated packages in core/updates_testing: ======================== phpmyadmin-4.9.4-1.mga7.noarch.rpm Source RPMs: phpmyadmin-4.9.4-1.mga7.src.rpm
Assignee: mageia => qa-bugs
Installed and tested without issues. Tested local and remote servers. No regressions. System: Mageia 7, x86_64, Apache, MariaDB, Firefox, Chromium, Intel CPU. $ uname -a Linux marte 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q phpmyadmin apache mariadb phpmyadmin-4.9.4-1.mga7 apache-2.4.41-1.2.mga7 mariadb-10.3.20-1.mga7
CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK
Keywords: (none) => advisory, validated_updateCC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0033.html
Status: NEW => RESOLVEDResolution: (none) => FIXED