Bug 31527 - phpmyadmin: update to latest version 5.2.1
Summary: phpmyadmin: update to latest version 5.2.1
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Reported: 2023-02-08 19:21 CET by Marc Krämer
Modified: 2023-02-15 17:57 CET

See Also:
Source RPM: phpmyadmin
CVE: PMASA-2023-01
Status comment:


Comment 1 Marc Krämer 2023-02-08 19:24:44 CET
Updated phpmyadmin fixes some errors and adds some improvements:

- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
- issue #17519 Fix Export pages not working in certain conditions
- issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #16042 Fixes malformed downloads when using gzip compression type and Firefox browser
- Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
- Fixes for JavaScript errors when using Designer
- Fixes for PHP 8.2 compatibility


Updated packages in core/updates_testing:


Assignee: mageia => qa-bugs

Comment 2 Marc Krämer 2023-02-08 19:27:59 CET
Found this too - but not much info about this. No CVE, ..

[security] Fix an XSS attack through the drag-and-drop upload feature (PMASA-2023-01)

CVE: (none) => PMASA-2023-01
QA Contact: (none) => security
Component: RPM Packages => Security

Comment 3 David Walser 2023-02-09 17:28:39 CET
Additional reference:

Comment 4 PC LX 2023-02-10 11:42:06 CET
Installed and tested without issues.

Tested local and remote MariaDB and MySQL servers. No issues.
Using php-fpm instead of mod_php.
Using two factor authentication plugin.

System: Mageia 8, x86_64, Apache, MariaDB, MySQL, Firefox, Chromium, AMD CPU.

$ uname -a
Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q phpmyadmin apache mariadb

CC: (none) => mageia

Comment 5 PC LX 2023-02-13 02:31:57 CET
This update has been working for 4 days without issues so will give it the OK. Please undo if needed.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2023-02-13 19:09:55 CET
Validating. Advisory information in comment 1, comment 2, and comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-02-14 21:33:33 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-02-14 23:45:11 CET
An update for this issue has been pushed to the Mageia Updates repository.


Resolution: (none) => FIXED

Comment 8 David Walser 2023-02-15 17:57:58 CET
(In reply to David Walser from comment #3)
> Additional reference:
> https://www.phpmyadmin.net/security/PMASA-2023-1/

This now has CVE-2023-25727:
