Package: phpmyadmin / 4:3.3.7-11

Metadata

Package Version Patches format
phpmyadmin 4:3.3.7-11 3.0 (quilt)

Patch series

Patch File delta Description
mootools.patch | (download)

db_structure.php | 1 1 + 0 - 0 !
main.php | 1 1 + 0 - 0 !
setup/index.php | 1 1 + 0 - 0 !
sql.php | 1 1 + 0 - 0 !
tbl_replace.php | 1 1 + 0 - 0 !
tbl_select.php | 1 1 + 0 - 0 !
tbl_structure.php | 1 1 + 0 - 0 !
7 files changed, 7 insertions(+)

 include both mootools and mootools-more
  This is needed for using mootools from the Debian package rather than the shipped one.

CVE 2010 4329.patch | (download)

libraries/common.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] bug #3115519: fixed xss on search


CVE 2010 4481.patch | (download)

phpinfo.php | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 [patch] do not load common with pma_minimum_common

Defining PMA_MINIMUM_COMMON skips authentication, which should not be
done for this file.

CVE 2010 4480.patch | (download)

error.php | 90 0 + 90 - 0 !
libraries/common.inc.php | 1 0 + 1 - 0 !
libraries/core.lib.php | 15 6 + 9 - 0 !
libraries/error.inc.php | 57 57 + 0 - 0 !
4 files changed, 63 insertions(+), 100 deletions(-)

---
CVE 2011 0987.patch | (download)

libraries/bookmark.lib.php | 19 14 + 5 - 0 !
sql.php | 2 1 + 1 - 0 !
2 files changed, 15 insertions(+), 6 deletions(-)

 [patch] avoid using all users query as default when browsing.


CVE 2011 2505.patch | (download)

libraries/auth/swekey/swekey.auth.lib.php | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 [patch] fixed possible session corruption in swekey authentication


CVE 2011 2506.patch | (download)

setup/lib/ConfigFile.class.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fixed possible code injection in case session variables are compromised


CVE 2011 2507.patch | (download)

libraries/server_synchronize.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fixed regexp quoting issue in synchronize code


CVE 2011 2508.patch | (download)

libraries/display_tbl.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 [patch] fixed filtering of a file path, which allowed for directory traversal, see pmasa-2011-8


CVE 2011 2642.patch | (download)

tbl_printview.php | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 [patch] backported fix for pmasa-2011-9 to 3.3


PMASA 2011 12.patch | (download)

libraries/auth/swekey/swekey.auth.lib.php | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

---
CVE 2011 4107.patch | (download)

Documentation.html | 6 6 + 0 - 0 !
libraries/import/ods.php | 12 12 + 0 - 0 !
libraries/import/xml.php | 12 12 + 0 - 0 !
3 files changed, 30 insertions(+)

---
CVE 2011 1940+CVE 2011 3181.patch | (download)

libraries/tbl_links.inc.php | 2 1 + 1 - 0 !
tbl_tracking.php | 84 44 + 40 - 0 !
transformation_wrapper.php | 2 1 + 1 - 0 !
3 files changed, 46 insertions(+), 42 deletions(-)

---
debian.patch | (download)

libraries/vendor_config.php | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 adjust phpmyadmin vendor configuration to match debian needs
 - setup generates configuration in /var
 - documentation is in /usr/share/doc
 - config file consists of several included files, so we skip mtime check

doc.patch | (download)

Documentation.html | 21 4 + 17 - 0 !
1 file changed, 4 insertions(+), 17 deletions(-)

 adjust phpmyadmin documentation to match our changes
 Document how to enable setup script.

CVE 2013 3239.patch | (download)

export.php | 4 4 + 0 - 0 !
libraries/sanitizing.lib.php | 28 27 + 1 - 0 !
2 files changed, 31 insertions(+), 1 deletion(-)

---
CVE 2013 4995.patch | (download)

libraries/display_tbl.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

---
CVE 2013 4996.patch | (download)

libraries/navigation_header.inc.php | 12 10 + 2 - 0 !
1 file changed, 10 insertions(+), 2 deletions(-)

---
CVE 2013 5003.patch | (download)

pmd_pdf.php | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

---
CVE 2014 8958.patch | (download)

libraries/Config.class.php | 2 1 + 1 - 0 !
tbl_printview.php | 2 1 + 1 - 0 !
themes/darkblue_orange/css/theme_right.css.php | 2 1 + 1 - 0 !
themes/original/css/theme_left.css.php | 2 1 + 1 - 0 !
themes/original/css/theme_right.css.php | 2 1 + 1 - 0 !
5 files changed, 5 insertions(+), 5 deletions(-)

---
CVE 2014 9218.patch | (download)

libraries/common.inc.php | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

---
CVE 2015 2206.patch | (download)

libraries/select_lang.lib.php | 19 4 + 15 - 0 !
1 file changed, 4 insertions(+), 15 deletions(-)

---
CVE 2015 3902.patch | (download)

libraries/url_generating.lib.php | 4 3 + 1 - 0 !
setup/frames/form.inc.php | 4 2 + 2 - 0 !
setup/frames/index.inc.php | 4 2 + 2 - 0 !
setup/frames/menu.inc.php | 12 6 + 6 - 0 !
setup/frames/servers.inc.php | 4 2 + 2 - 0 !
setup/index.php | 2 1 + 1 - 0 !
setup/lib/form_processing.lib.php | 14 7 + 7 - 0 !
setup/validate.php | 6 4 + 2 - 0 !
8 files changed, 27 insertions(+), 23 deletions(-)

---
CVE 2016 2039.patch | (download)

libraries/phpseclib/Crypt/Random.php | 230 230 + 0 - 0 !
libraries/session.inc.php | 6 4 + 2 - 0 !
libraries/session.inc.php.orig | 106 106 + 0 - 0 !
libraries/session.inc.php.rej | 11 11 + 0 - 0 !
4 files changed, 351 insertions(+), 2 deletions(-)

 fix for cve-2016-2039

CVE 2016 2041.patch | (download)

libraries/common.inc.php | 2 1 + 1 - 0 !
libraries/core.lib.php | 8 8 + 0 - 0 !
2 files changed, 9 insertions(+), 1 deletion(-)

 fix for cve-2016-2041