Bug 31527 - phpmyadmin: update to latest version 5.2.1
Summary: phpmyadmin: update to latest version 5.2.1
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-02-08 19:21 CET by Marc Krämer
Modified: 2023-02-15 17:57 CET

See Also:
Source RPM: phpmyadmin
CVE: PMASA-2023-01
Status comment:



Comment 1 Marc Krämer 2023-02-08 19:24:44 CET
Updated phpmyadmin fixes some errors and adds some improvements:


- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
- issue #17519 Fix Export pages not working in certain conditions
- issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing
- issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page
- issue #17248 Support the UUID data type for MariaDB >= 10.7
- issue #16042 Fixes malformed downloads when using gzip compression type and Firefox browser
- Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks
- Fixes for JavaScript errors when using Designer
- Fixes for PHP 8.2 compatibility

References:
https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-5.2.1-1.mga8.noarch.rpm

SRPM:
phpmyadmin-5.2.1-1.mga8.src.rpm

Assignee: mageia => qa-bugs

Comment 2 Marc Krämer 2023-02-08 19:27:59 CET
Found this too - but not much info about this. No CVE, ..

[security] Fix an XSS attack through the drag-and-drop upload feature (PMASA-2023-01)

CVE: (none) => PMASA-2023-01
QA Contact: (none) => security
Component: RPM Packages => Security

Comment 3 David Walser 2023-02-09 17:28:39 CET
Additional reference:
https://www.phpmyadmin.net/security/PMASA-2023-1/

Comment 4 PC LX 2023-02-10 11:42:06 CET
Installed and tested without issues.


Tested local and remote MariaDB and MySQL servers. No issues.
Using php-fpm instead of mod_php.
Using two factor authentication plugin.


System: Mageia 8, x86_64, Apache, MariaDB, MySQL, Firefox, Chromium, AMD CPU.


$ uname -a
Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q phpmyadmin apache mariadb
phpmyadmin-5.2.1-1.mga8
apache-2.4.55-1.mga8
mariadb-10.5.19-1.mga8

CC: (none) => mageia

Comment 5 PC LX 2023-02-13 02:31:57 CET
This update has been working for 4 days without issues so will give it the OK. Please undo if needed.

Whiteboard: (none) => MGA8-64-OK

Comment 6 Thomas Andrews 2023-02-13 19:09:55 CET
Validating. Advisory information in comment 1, comment 2, and comment 3.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2023-02-14 21:33:33 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 7 Mageia Robot 2023-02-14 23:45:11 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0049.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 8 David Walser 2023-02-15 17:57:58 CET
(In reply to David Walser from comment #3)
> Additional reference:
> https://www.phpmyadmin.net/security/PMASA-2023-1/

This now has CVE-2023-25727:
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQ5VVS2CGDQ32RHYLQQZFFFADPEZO6KM/
