Package: phpmyadmin / 4:3.3.7-7

Metadata

Package Version Patches format
phpmyadmin 4:3.3.7-7 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
mootools.patch | (download)

db_structure.php | 1 1 + 0 - 0 !
main.php | 1 1 + 0 - 0 !
setup/index.php | 1 1 + 0 - 0 !
sql.php | 1 1 + 0 - 0 !
tbl_replace.php | 1 1 + 0 - 0 !
tbl_select.php | 1 1 + 0 - 0 !
tbl_structure.php | 1 1 + 0 - 0 !
7 files changed, 7 insertions(+)

 
 include both mootools and mootools-more
  This is needed for using mootools from Debian package rather than shipped one.
CVE 2010 4329.patch | (download)

libraries/common.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 [patch] bug #3115519: fixed xss on search
CVE 2010 4481.patch | (download)

phpinfo.php | 4 0 + 4 - 0 !
1 file changed, 4 deletions(-)

 
 [patch] do not load common with pma_minimum_common

Defining PMA_MINIMUM_COMMON skips authentication, what should not be
done for this file.
CVE 2010 4480.patch | (download)

error.php | 90 0 + 90 - 0 !
libraries/common.inc.php | 1 0 + 1 - 0 !
libraries/core.lib.php | 15 6 + 9 - 0 !
libraries/error.inc.php | 57 57 + 0 - 0 !
4 files changed, 63 insertions(+), 100 deletions(-)

 
---
CVE 2011 0987.patch | (download)

libraries/bookmark.lib.php | 19 14 + 5 - 0 !
sql.php | 2 1 + 1 - 0 !
2 files changed, 15 insertions(+), 6 deletions(-)

 
 [patch] avoid using all users query as default when browsing.
CVE 2011 2505.patch | (download)

libraries/auth/swekey/swekey.auth.lib.php | 5 2 + 3 - 0 !
1 file changed, 2 insertions(+), 3 deletions(-)

 
 [patch] fixed possible session corruption in swekey authentication
CVE 2011 2506.patch | (download)

setup/lib/ConfigFile.class.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 [patch] fixed possible code injection incase session variables are compromised
CVE 2011 2507.patch | (download)

libraries/server_synchronize.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 [patch] fixed regexp quoting issue in synchronize code
CVE 2011 2508.patch | (download)

libraries/display_tbl.lib.php | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 [patch] fixed filtering of a file path, which allowed for directory traversal, see pmasa-2011-8
CVE 2011 2642.patch | (download)

tbl_printview.php | 4 2 + 2 - 0 !
1 file changed, 2 insertions(+), 2 deletions(-)

 
 [patch] backported fix for pmasa-2011-9 to 3.3
PMASA 2011 12.patch | (download)

libraries/auth/swekey/swekey.auth.lib.php | 12 7 + 5 - 0 !
1 file changed, 7 insertions(+), 5 deletions(-)

 
---
CVE 2011 4107.patch | (download)

Documentation.html | 6 6 + 0 - 0 !
libraries/import/ods.php | 12 12 + 0 - 0 !
libraries/import/xml.php | 12 12 + 0 - 0 !
3 files changed, 30 insertions(+)

 
---
CVE 2011 1940+CVE 2011 3181.patch | (download)

libraries/tbl_links.inc.php | 2 1 + 1 - 0 !
tbl_tracking.php | 84 44 + 40 - 0 !
transformation_wrapper.php | 2 1 + 1 - 0 !
3 files changed, 46 insertions(+), 42 deletions(-)

 
---
debian.patch | (download)

libraries/vendor_config.php | 10 5 + 5 - 0 !
1 file changed, 5 insertions(+), 5 deletions(-)

 
 adjust phpmyadmin vendor configuration to match debian needs
 - setup generates configuration in /var
 - documentation is in /usr/share/doc
 - config file consists of several included files, so we skip mtime check
doc.patch | (download)

Documentation.html | 21 4 + 17 - 0 !
1 file changed, 4 insertions(+), 17 deletions(-)

 
 adjust phpmyadmin documentation to match our changes
 Document how to enable setup script.