new release 5.2.1 https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/
Updated phpmyadmin fix some errors and add some improvements: - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick - issue #17519 Fix Export pages not working in certain conditions - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page - issue #17248 Support the UUID data type for MariaDB >= 10.7 - issue #16042 Fixes malformed downloads when using gzip compression type and FireFox browser - Add `spellcheck="false"` to all password fields and some text fields to avoid spell-jacking data leaks - Fixes for JavaScript errors when using Designer - Fixes for PHP 8.2 compatibility References: https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/ ======================== Updated packages in core/updates_testing: ======================== phpmyadmin-5.2.1-1.mga8.noarch.rpm SRPM: phpmyadmin-5.2.1-1.mga8.src.rpm
Assignee: mageia => qa-bugs
Found this too - but not much info about this. No CVE, .. [security] Fix an XSS attack through the drag-and-drop upload feature (PMASA-2023-01)
CVE: (none) => PMASA-2023-01QA Contact: (none) => securityComponent: RPM Packages => Security
Additional reference: https://www.phpmyadmin.net/security/PMASA-2023-1/
Installed and tested without issues. Tested local and remote MariaDB and MySQL servers. No issues. Using php-fpm instead of mod_php. Using two factor authentication plugin. System: Mageia 8, x86_64, Apache, MariaDB, MySQL, Firefox, Chromium, AMD CPU. $ uname -a Linux jupiter 6.1.6-desktop-1.mga8 #1 SMP PREEMPT_DYNAMIC Sat Jan 14 13:18:00 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q phpmyadmin apache mariadb phpmyadmin-5.2.1-1.mga8 apache-2.4.55-1.mga8 mariadb-10.5.19-1.mga8
CC: (none) => mageia
This update has been working for 4 days without issues so will give it the OK. Please undo if needed.
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory information in comment 1, comment 2, and comment 3.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
CC: (none) => davidwhodginsKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0049.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
(In reply to David Walser from comment #3) > Additional reference: > https://www.phpmyadmin.net/security/PMASA-2023-1/ This now has CVE-2023-25727: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQ5VVS2CGDQ32RHYLQQZFFFADPEZO6KM/