phpmyadmin (4:2.9.1.1-13) oldstable-security; urgency=low
* Fix inverted logic in documentation of new script.
-- Thijs Kinkhorst <thijs@debian.org> Sun, 25 Oct 2009 12:25:47 +0100
phpmyadmin (4:2.9.1.1-12) oldstable-security; urgency=high
* Upload to oldstable to fix security issues.
* Cross site scripting (CVE-2009-3696, closes: #552194).
* Allow saving of configuration from setup script only after
explicit action from administrator (closes: #535044, #543460).
-- Thijs Kinkhorst <thijs@debian.org> Sat, 24 Oct 2009 15:06:53 +0200
phpmyadmin (4:2.9.1.1-11) oldstable-security; urgency=high
* Upload to oldstable to fix security issues.
* Cross site scripting in export page using cookies.
[CVE-2009-1150, PMASA-2009-2]
* Static code injection in setup.php. This file should normally
be protected by Apache authentication.
[CVE-2009-1151, PMASA-2009-3]
-- Thijs Kinkhorst <thijs@debian.org> Thu, 25 Jun 2009 22:28:24 +0200
phpmyadmin (4:2.9.1.1-10) stable-security; urgency=high
* Add fix for cross site scripting attack through the
table parameter (CVE-2008-5621).
-- Thijs Kinkhorst <thijs@debian.org> Wed, 11 Feb 2009 22:13:00 +0100
phpmyadmin (4:2.9.1.1-9) stable-security; urgency=high
* The PMA_escapeJsString function in libraries/js_escape.lib.php in
phpMyAdmin before 2.11.9.2, when Internet Explorer is used, allows remote
attackers to bypass cross-site scripting (XSS) protection mechanisms and
conduct XSS attacks via a NUL byte inside a "</script" sequence.
[CVE-2008-4326]
* Add missing variable 'lang' to $allow_list, which unbreaks the
language selection on the login screen (regression introduced in -8).
(Closes: #503270)
-- Thijs Kinkhorst <thijs@debian.org> Sun, 30 Nov 2008 12:52:40 +0100
phpmyadmin (4:2.9.1.1-8) stable-security; urgency=high
* Update for etch to address security issues.
* Remote code execution by authenticated users.
[PMASA-2008-7, CVE-2008-4096]
* Prohibit phpMyAdmin to be framed by a remote site
[PMASA-2008-6, CVE-2008-3456, CVE-2008-3457]
* Cross site request forgery to create a database or change the
character set (mostly annoyance).
[PMASA-2008-5, CVE-2008-3197]
-- Thijs Kinkhorst <thijs@debian.org> Sat, 20 Sep 2008 14:17:52 +0200
phpmyadmin (4:2.9.1.1-7) stable-security; urgency=high
* Update for etch to address a security issue.
* Attackers with CREATE table permissions were allowed to read arbitrary
files via a crafted HTTP POST request, related to use of an undefined
UploadDir variable. [PMASA-2008-3, CVE-2008-1924]
* Stores the MySQL (1) username and (2) password, and the (3) Blowfish
secret key, in cleartext in a Session file under /tmp, which allows
local users to obtain sensitive information.
[PMASA-2008-2, CVE-2008-1567]
* phpMyAdmin accesses $_REQUEST to obtain some parameters instead of
$_GET and $_POST, which allows attackers in the same domain to
override certain variables and conduct SQL injection and Cross Site
Request Forgery (CSRF) attacks by using crafted cookies.
[PMASA-2008-1, CVE-2008-1149]
-- Thijs Kinkhorst <thijs@debian.org> Thu, 24 Apr 2008 20:00:49 +0200
phpmyadmin (4:2.9.1.1-6) stable-security; urgency=high
* Update for etch to address a security issue.
* Cross-site scripting (XSS) vulnerability in scripts/setup.php in
phpMyAdmin 2.11.1, when accessed by a browser that does not
URL-encode requests, allows remote attackers to inject arbitrary
web script or HTML via the query string.
(CVE-2007-5386, PMASA-2007-5, closes: #446451)
-- Thijs Kinkhorst <thijs@debian.org> Wed, 7 Nov 2007 14:41:34 +0100
phpmyadmin (4:2.9.1.1-5) stable-security; urgency=high
* Update for etch to address a security issue.
* Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.11.1.2 allow remote attackers to inject arbitrary web script or HTML via
certain input available in (1) PHP_SELF in (a) server_status.php, and (b)
grab_globals.lib.php, (c) display_change_password.lib.php, and (d)
common.lib.php in libraries/; and certain input available in PHP_SELF and
(2) PATH_INFO in libraries/common.inc.php.
(CVE-2007-5589, PMASA-2007-6)
-- Thijs Kinkhorst <thijs@debian.org> Wed, 7 Nov 2007 13:30:08 +0100
phpmyadmin (4:2.9.1.1-4) stable-security; urgency=high
* Update for etch to address security issues.
* Incomplete blacklist vulnerability in index.php in
phpMyAdmin 2.8.0 through 2.9.2 allows remote attackers to conduct
cross-site scripting (XSS) attacks by injecting arbitrary JavaScript or
HTML in a (1) db or (2) table parameter value followed by an uppercase
</SCRIPT> end tag, which bypasses the protection against lowercase
</script>. [CVE-2007-1395]
* Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before
2.10.1.0 allow remote attackers to inject arbitrary web script or HTML
via (1) the fieldkey parameter to browse_foreigners.php or (2) certain
input to the PMA_sanitize function. [CVE-2007-2245]
* Add fix/workaround for deep array recursion, which may cause PHP to
crash the webserver. [CVE-2007-1325]
-- Thijs Kinkhorst <thijs@debian.org> Tue, 28 Aug 2007 22:31:30 +0200
phpmyadmin (4:2.9.1.1-3) unstable; urgency=medium
* Added Galician debconf translation by Jacobo Tarrio (Closes: #412195).
* Actually install config.default.php example file (Closes: #412655).
* Add XS-Vcs-* fields to debian/control.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 28 Feb 2007 01:07:56 +0100
phpmyadmin (4:2.9.1.1-2) unstable; urgency=high
* Backport security-related changes from 2.9.2-rc1:
* CVE-2007-0203: Multiple unspecified vulnerabilities;
this turns out to be (1) cross site scripting and
(2) the same as CVE-2006-6374. (Closes: #406332, #406486)
* CVE-2006-6374: the vulnerability only applies to
PHP < 5.1.2 and < 4.4.2, so strictly speaking current
Debian is not vulnerable. Include it anyway, to not expose
those using older PHP versions. (Closes: #404744)
-- Thijs Kinkhorst <thijs@debian.org> Fri, 12 Jan 2007 15:29:28 +0100
phpmyadmin (4:2.9.1.1-1) unstable; urgency=high
* New upstream release.
- Addresses several security issues (Closes: #399329).
* In Depends, explicitly prefer the apache2/apache PHP module, to make
sure the correct one is selected upon installation.
* Drop 100-dutch_fixtypo.patch, integrated upstream.
* Add note to default config file about adding sensitive data
to that file (Closes: #321529).
* Update README.Debian with information about register_globals.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 22 Nov 2006 22:24:02 +0100
phpmyadmin (4:2.9.0.3-1) unstable; urgency=medium
* New upstream bugfix release.
- Includes a fix for a XSS security issue.
(PMASA-2006-6, CVE-2006-5718, Closes: #396638)
* 100-dutch_fixtypo.patch: Add patch to fix typo in Dutch
translation which also caused a layout problem in the login
screen.
* 021-config.inc.php_no_check_mtime.patch: Add patch to Config
class to disable checking for the mtime of config.inc.php.
Since we include other files from it, those will otherwise
never be read (Closes: #392022).
* Add depends on perl since it's used in the maintainer scripts.
* Update shipped htaccess to make it compatible with Apache 2.2
(Closes: #396560).
* Updated translations:
- Bokmål by Bjørn Steensrud.
- Basque by Piarres Beobide.
- Dutch by self.
- Danish by Claus Hindsgaul (Closes: #393871).
- Japanese by Hideki Yamane (Closes: #396548).
-- Thijs Kinkhorst <thijs@debian.org> Thu, 2 Nov 2006 15:45:29 +0100
phpmyadmin (4:2.9.0.2-1) unstable; urgency=low
* New maintainer, thanks Piotr for your previous work!
* Acknowledge NMU's, thanks Steinar! (Closes: #378681)
* Fix typo in debconf templates and unfuzzy that.
* Tweak package description.
-- Thijs Kinkhorst <thijs@debian.org> Wed, 11 Oct 2006 14:46:37 +0200
phpmyadmin (4:2.9.0.2-0.1) unstable; urgency=high
* Non-maintainer upload with maintainer consent.
* Upgrade to latest upstream version to battle cross-site
request forgery (PMASA-2006-5, CVE-2006-5116, CVE-2006-5117,
closes: 391090).
* New upstream also fixes broken database export functionality
(closes: 374918) and database/table copy (closes: 390484).
* Update translations:
- Danish by Claus Hindsgaul (Closes: 357972).
- Italian by Luca Monducci (Closes: 382139).
- Spanish by Nacho Barrientos Arias (Closes: 385365).
-- Thijs Kinkhorst <thijs@debian.org> Tue, 10 Oct 2006 20:56:25 +0200
phpmyadmin (4:2.8.2-0.2) unstable; urgency=medium
* Non-maintainer upload.
* Fix issue with /var/www pointing to /usr/share/phpmyadmin.
(Closes: #385889)
* Make sure we install /var/www as a directory, since we make a symlink into
it and we can't rely on it being there.
* Explicitly link to /var/www/phpmyadmin instead of /var/www, to make sure
we don't make a new /var/www even if it should be removed for some
reason.
-- Steinar H. Gunderson <sesse@debian.org> Mon, 11 Sep 2006 00:14:54 +0200
phpmyadmin (4:2.8.2-0.1) unstable; urgency=high
* Non-maintainer upload.
* New upstream release.
* Fixes cross-site-scripting issues. [CVE-2006-3388] (Closes: #377748)
-- Steinar H. Gunderson <sesse@debian.org> Tue, 18 Jul 2006 12:52:19 +0200
phpmyadmin (4:2.8.1-1) unstable; urgency=medium
* New upstream release. Closes: #373204.
- The French translation is correct. Closes: #362154.
- Generates correct dumps with UPDATE syntax. Closes: #364702.
* Security fix: XSRF vulnerability.
See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-3
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1804
[CVE-2006-1803, CVE-2006-1804]
* Security fix: XSS vulnerabilities. It was not a problem for Debian with
the default settings.
See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-2
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2031
[CVE-2006-2031, CVE-2006-2417, CVE-2006-2418]
Closes: #363519, #368082.
* Updated Portuguese debconf templates translation, thanks Miguel Figueiredo.
Closes: #363597.
* Updated Russian debconf templates translation, thanks Yuriy Talakan.
Closes: #367146.
* Convert non-ISO-8859-1 debconf templates translation to UTF-8.
-- Piotr Roszatycki <dexter@debian.org> Sun, 25 Jun 2006 18:10:23 +0200
phpmyadmin (4:2.8.0.3-1) unstable; urgency=medium
* New upstream release.
* Security fix: XSS vulnerability (calling directly css files under themes)
See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-1
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1678
Closes: #362567.
-- Piotr Roszatycki <dexter@debian.org> Fri, 14 Apr 2006 14:47:28 +0200
phpmyadmin (4:2.8.0.2-4) unstable; urgency=low
* Fixed typos in debconf template. Closes: #360059.
* Updated Czech debconf templates translation, thanks Miroslav Kure.
Closes: #359757.
* Updated German debconf templates translation, thanks Daniel Knabl.
Closes: #359752.
* Updated Swedish debconf templates translation, thanks Daniel Nylander.
* Updated Vietnamese debconf templates translation, thanks Clytie Siddall.
-- Piotr Roszatycki <dexter@debian.org> Fri, 31 Mar 2006 14:54:00 +0200
phpmyadmin (4:2.8.0.2-3) unstable; urgency=low
* Add missing javascript files. Closes: #357743, #357579.
* Updated Brazilian Portuguese debconf templates translation, thanks Andre
Luis Lopes. Closes: #357840.
-- Piotr Roszatycki <dexter@debian.org> Mon, 20 Mar 2006 11:06:09 +0100
phpmyadmin (4:2.8.0.2-2) unstable; urgency=low
* Do not use 822-date command in postinst script. Close: #357605.
-- Piotr Roszatycki <dexter@debian.org> Sat, 18 Mar 2006 15:02:47 +0100
phpmyadmin (4:2.8.0.2-1) unstable; urgency=low
* New upstream release. Closes: #356013, #355931.
- Can work if DocumentRoot is set to phpMyAdmin's directory.
Closes: #352403, #349497.
- pma_* features work with PersistentConnection mode. Closes: #348489.
- Export of table works if __TABLE__ macro is used. Closes: #217364.
- Can navigate back to user after changing privileges on database.
Closes: #338758.
- Fixes XSS [CVE-2006-1258]
* Reedited package description.
* Tweaked dependencies. Prefer php5-cgi package and does not depend on
apache2, because the PHP can be started as FastCGI standalone server.
Closes: #340286, #307441.
* This release provides http://localhost/phpmyadmin/scripts/setup.php setup
script. This script requires authorization by default.
* Generate longer blowfish secret on install.
* Create symlink /var/www/phpmyadmin only at first install.
-- Piotr Roszatycki <dexter@debian.org> Fri, 17 Mar 2006 10:56:43 +0100
phpmyadmin (4:2.7.0-pl2-1) unstable; urgency=low
* New upstream release. Closes: #342203.
* Tweak the dependencies and prefer PHP5 with Apache2.
* Support cgid.so module for threaded Apache2.
* Removed all Debian specific patches.
* Portuguese debconf templates translation, thanks Miguel Figueiredo.
Closes: #336444.
-- Piotr Roszatycki <dexter@debian.org> Wed, 4 Jan 2006 15:34:36 +0100
phpmyadmin (4:2.6.4-pl4-2) unstable; urgency=high
* Security fix: Cross-site scripting by trusting potentially user-supplied
input.
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3665
New 200-CVE-2005-3665.patch. Closes: #340438.
-- Piotr Roszatycki <dexter@debian.org> Wed, 23 Nov 2005 14:31:15 +0100
phpmyadmin (4:2.6.4-pl4-1) unstable; urgency=high
* New upstream release.
* Security fix: HTTP Response Splitting vulnerability.
See: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6
See: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3621
Closes: #339437.
* New 105-bug_debian_324318.patch:
- Always set the default configuration values, even if the config.inc.php
file seems to be up to date. This fix allows to utilise more than three
databases. Closes: #324318.
-- Piotr Roszatycki <dexter@debian.org> Wed, 16 Nov 2005 13:10:14 +0100
phpmyadmin (4:2.6.4-pl3-1) unstable; urgency=high
* New upstream release.
* Security fix: (1) Local file inclusion vulnerability and (2) Cross-Site
Scripting vulnerability.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3300
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3301
Closes: #335306, #335513.
* Assigned CVE number for 4:2.6.4-pl2-1 bug fix.
-- Piotr Roszatycki <dexter@debian.org> Mon, 24 Oct 2005 20:14:08 +0200
phpmyadmin (4:2.6.4-pl2-1) unstable; urgency=high
* New upstream release.
* Security fix: local file inclusion vulnerability.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
Closes: #333433.
-- Piotr Roszatycki <dexter@debian.org> Wed, 12 Oct 2005 15:07:42 +0200
phpmyadmin (4:2.6.4-pl1-2) unstable; urgency=low
* Rebuilt with new YADA. Depends: debconf (>= 0.2.26) | debconf-2.0
* Swedish debconf templates translation, thanks Daniel Nylander.
Closes: #330645.
-- Piotr Roszatycki <dexter@debian.org> Tue, 4 Oct 2005 13:01:25 +0200
phpmyadmin (4:2.6.4-pl1-1) unstable; urgency=medium
* New upstream release.
* Security fix: Two Cross-Site Scripting vulnerabilities.
See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2869
Closes: #327345.
* Append the Debian package revision number to the upstream version number.
Marks that this phpMyAdmin package has additional Debian modifications so
the bugreports won't confuse phpMyAdmin's coders.
* Create minimal /usr/share/phpmyadmin/config.inc.php file with proper
comment. Closes: #321270.
* Reintroduced /etc/phpmyadmin/apache.conf. Closes: #307181, #308460,
#312611, #312668.
* Removed all Debian patches as are obsoleted now.
* Depends: apache2 | httpd
* Recommends: php4-mcrypt | php5-mcrypt. Closes: #321259.
* Arabic debconf templates translation. Closes: #320773.
* Vietnamese debconf templates translation. Closes: #316841.
* Updated Brazilian Portuguese debconf templates translation. Closes: #310875.
* Updated German debconf templates translation. Closes: #326141.
* New yada fixes postrm script fail when ucf is missing. Closes: #322139.
-- Piotr Roszatycki <dexter@debian.org> Fri, 16 Sep 2005 16:21:21 +0200
phpmyadmin (4:2.6.2-3) unstable; urgency=high
* Fix apache2.conf only for 4:2.6.2-1 release. Closes: #307901 (critical),
#307275 (critical), #304786 (critical).
* Clean up old 'Include /etc/phpmyadmin/apache.conf' from httpd.conf in safe
way.
* Removed old code which modified httpd.conf if 'Include /etc/apache/conf.d'
was missing.
* Note for release manager: cleaning up config.inc.php doesn't change the
application logic. The autoloading of the PHP extensions is already
implemented in the upstream's code.
-- Piotr Roszatycki <dexter@debian.org> Sat, 7 May 2005 14:49:49 +0200
phpmyadmin (4:2.6.2-2) unstable; urgency=high
* Doesn't modify apache2.conf. Try to revert the changes.
Closes: #307275 (critical).
* Remove obsoleted conffiles and symlinks on purge. Closes: #307415.
* The default behaviour is not to autoconfigurate webservers.
* Doesn't load the PHP extensions automatically in config.inc.php script.
-- Piotr Roszatycki <dexter@debian.org> Thu, 5 May 2005 11:40:46 +0200
phpmyadmin (4:2.6.2-1) unstable; urgency=low
* New upstream release
* NEWS and README.Debian file are documented about problem with logging
in with cookie based authentication.
* Removed suPHP directive from apache.conf file. Closes: #304018.
* Configuration in .htaccess doesn't override global access settings.
Closes: #303535.
* Updated Brazilian Portuguese debconf templates translation.
Closes: #304566.
* Apache configuration is installed separately, not through symlinks.
* Convert httpd.conf and apache.conf. They have to contain
"Include /etc/apache2/conf.d/*.conf" directive.
-- Piotr Roszatycki <dexter@debian.org> Tue, 19 Apr 2005 11:51:21 +0200
phpmyadmin (3:2.6.2-rc1-1) unstable; urgency=high
* New upstream release.
* Security fix: Cross-Site Scripting vulnerability.
See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-3
Closes: #303142.
* Don't enable PHP if mod_fcgid is loaded in Apache 2.x.
-- Piotr Roszatycki <dexter@debian.org> Tue, 5 Apr 2005 15:17:25 +0200
phpmyadmin (3:2.6.1-pl3-2) unstable; urgency=high
* Fixed the bug in postinst introduced in last upload. Closes: #299034.
-- Piotr Roszatycki <dexter@debian.org> Fri, 11 Mar 2005 11:14:05 +0100
phpmyadmin (3:2.6.1-pl3-1) unstable; urgency=high
* New upstream release.
* Fixed annoying bug that a user called 'xx@%' could be created but
not removed. Closes: #208539.
* Fixed critical bug introduced by php4 compiled with ZTS option. Added
003-dl_with_zts.patch. Closes: #297725.
* Renamed debian/patches/*.diff to *.patch.
* Depends also on php5-fcgi.
-- Piotr Roszatycki <dexter@debian.org> Mon, 7 Mar 2005 12:21:00 +0100
phpmyadmin (3:2.6.1-pl2-2) unstable; urgency=low
* Fixed converting /etc/apache/conf.d/phpmyadmin to phpmyadmin.conf at
upgrade time.
-- Piotr Roszatycki <dexter@debian.org> Wed, 2 Mar 2005 20:30:29 +0100
phpmyadmin (3:2.6.1-pl2-1) unstable; urgency=high
* New upstream release.
* Security fix: A variable injection vulnerability was found in phpMyAdmin,
that may allow an attacker to conduct Cross-site scripting (XSS) attacks
and / or perform remote file inclusion.
See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-1
Closes: #296845.
* Switched off register_globals in .htaccess.
* Does not recommend versioned apache, as far as it works wrongly with
aptitude. Closes: #295786.
-- Piotr Roszatycki <dexter@debian.org> Sat, 26 Feb 2005 17:39:31 +0100
phpmyadmin (3:2.6.1-1) unstable; urgency=low
* New upstream release.
* Czech debconf templates translation. Closes: #293611.
* Woody backward compatibility. See bug 1117907 on Sourceforge.
-- Piotr Roszatycki <dexter@debian.org> Mon, 7 Feb 2005 15:20:09 +0100
phpmyadmin (2:2.6.1-rc2-2) unstable; urgency=low
* Configuration for suPHP can't be in .htaccess. Closes: #287897.
-- Piotr Roszatycki <dexter@debian.org> Tue, 18 Jan 2005 19:13:12 +0100
phpmyadmin (2:2.6.1-rc2-1) unstable; urgency=low
* New upstream release.
* Rename the symlink /etc/$APACHE/conf.d and add .conf suffix.
Closes: #286100.
* Disable suPHP for security reasons. Closes: #287897.
* Use /cgi-bin/php if CGI mode is used.
* Depends on php4 | php4-cgi | php5 | php5-cgi.
* Modified Description field to make lintian happy.
* Fixed postinst script for better php5 support.
-- Piotr Roszatycki <dexter@debian.org> Wed, 12 Jan 2005 21:37:02 +0100
phpmyadmin (2:2.6.1-rc1-1) unstable; urgency=high
* New upstream release.
* Security fix: Command execution and file disclosure was found.
See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-4
Closes: #285488.
* Remove 003.non_standard_port_fix.diff applied to upstream.
* Add commented out options 'extension' and 'AllowRoot' to default config
file.
* Support mysqli.so extension. Autodetect modules from 'extension' option.
-- Piotr Roszatycki <dexter@debian.org> Mon, 13 Dec 2004 19:23:57 +0100
phpmyadmin (2:2.6.0-pl3-2) unstable; urgency=high
* Security fix is broken if non-standard HTTP(S) port is used.
Closes: #283044.
-- Piotr Roszatycki <dexter@debian.org> Fri, 26 Nov 2004 09:55:29 +0100
phpmyadmin (2:2.6.0-pl3-1) unstable; urgency=high
* New upstream release.
* Security fix: Multiple XSS vulnerabilities were found.
See http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
* Tweaks dependencies: depends php4 | php4-cgi; don't suggests
non-free mysql-doc.
* Supports unofficial php5 packages.
-- Piotr Roszatycki <dexter@debian.org> Mon, 22 Nov 2004 10:22:41 +0100
phpmyadmin (2:2.6.0-pl2-2) unstable; urgency=low
* Updated German translation of the debconf templates. Closes: #280998.
-- Piotr Roszatycki <dexter@debian.org> Thu, 18 Nov 2004 14:08:27 +0100
phpmyadmin (2:2.6.0-pl2-1) unstable; urgency=high
* New upstream release.
* Security fix: If PHP is not running in safe mode, a problem in the
MIME-based transformation system (with an "external" transformation)
allows to execute any command with the privileges of the web server's
user.
-- Piotr Roszatycki <dexter@debian.org> Thu, 14 Oct 2004 11:33:56 +0200
phpmyadmin (2:2.6.0-pl1-1) unstable; urgency=low
* New upstream release.
* This release fixes patch 003.woody_compatibility.
-- Piotr Roszatycki <dexter@debian.org> Wed, 29 Sep 2004 09:39:38 +0200
phpmyadmin (2:2.6.0-1) unstable; urgency=low
* New upstream release.
* Depends: php4-cgi (>= 4.1.0) | libapache-mod-php4. The php4-cgi package
is recommended as easier for installation. Closes: #267878.
* Depends: apache | apache-perl | apache-ssl | apache2 | httpd.
* Added patch for woody with MySQL from backports.org compatibility.
-- Piotr Roszatycki <dexter@debian.org> Tue, 28 Sep 2004 09:42:06 +0200
phpmyadmin (1:2.6.0-rc1-1) experimental; urgency=low
* New upstream release.
* Disable the default warning that is displayed on the DB Details Structure
page if any of the required Tables for the relation features could not be
found.
-- Piotr Roszatycki <dexter@debian.org> Mon, 9 Aug 2004 10:21:07 +0200
phpmyadmin (1:2.5.7-pl1-2) unstable; urgency=medium
* blowfish_secret.inc.php must not be world readable. Closes: #257968.
-- Piotr Roszatycki <dexter@debian.org> Thu, 5 Aug 2004 17:37:46 +0200
phpmyadmin (1:2.5.7-pl1-1) unstable; urgency=high
* New upstream release
* Fixes security problems. See
http://securityfocus.com/archive/1/367486/2004-06-26/2004-07-02/0
and the Documentation.html, FAQ 8.2.
-- Piotr Roszatycki <dexter@debian.org> Thu, 1 Jul 2004 09:51:54 +0200
phpmyadmin (1:2.5.7-1) unstable; urgency=low
* New upstream release
* Add /var/www/phpmyadmin to the apache.conf, closes: #246367.
* Suggests: php4-gd, closes: #243714.
* Should work with E_ALL, closes: #244672.
* Remove php3 from dependencies and DebConf templates, closes: #246002.
* Fixed typo in DebConf template, closes: #250841.
* Dutch debconf templates translation (unfinished...), closes: #216936.
* Split configuration to the /etc/phpmyadmin/config.inc.php and
/usr/share/phpmyadmin/config.inc.php, closes: #225766.
* Ask for restart only if required, closes: #249940.
-- Piotr Roszatycki <dexter@debian.org> Fri, 25 Jun 2004 10:27:26 +0200
phpmyadmin (1:2.5.6-2) unstable; urgency=low
* Supports PHP for Apache2, closes: #242797.
* apache.conf uses <Directory> rather than <DirectoryMatch>, closes: #236978.
* Remove /etc/*/conf.d/phpmyadmin on purge, closes: #239080.
* Fixed DebConf scripts. Should not ask again about webservers,
closes: #239480.
* Install /var/www/phpmyadmin symlink rather than Alias, closes: #238598.
* Catalan debconf templates translation, closes: #236636.
* DebConf templates:
* Removed phpmyadmin/changed-extension
* Renamed phpmyadmin/webserver to phpmyadmin/reconfigure-webserver
* Renamed phpmyadmin/restart to phpmyadmin/restart-webserver
-- Piotr Roszatycki <dexter@debian.org> Sat, 27 Mar 2004 13:16:26 +0100
phpmyadmin (1:2.5.6-1) unstable; urgency=low
* New upstream release.
* Ignore missing /etc/phpmyadmin directory for postrm purge, close: #235696.
* Danish debconf templates translation, closes: #234948.
-- Piotr Roszatycki <dexter@debian.org> Thu, 4 Mar 2004 17:16:56 +0100
phpmyadmin (2.5.6-rc2-1) unstable; urgency=low
* New upstream release.
* Removed conffiles /etc/phpmyadmin/{header,footer}.inc.php. They are
not conffiles for a long time. Closes: #232557, #231880.
* Brazilian Portuguese debconf templates translation, closes: #231713.
* French debconf templates translation, closes: #220804.
* Japanese po-debconf template translation, closes: #222282.
-- Piotr Roszatycki <dexter@debian.org> Sun, 22 Feb 2004 13:14:00 +0100
phpmyadmin (2.5.6-rc1-1) unstable; urgency=high
* New upstream release.
* Security fix: possible attack against export.php, see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0129,
closes: #231050.
-- Piotr Roszatycki <dexter@debian.org> Wed, 4 Feb 2004 12:34:11 +0100
phpmyadmin (2.5.5-pl1-2) unstable; urgency=low
* Restored upstream release notes.
-- Piotr Roszatycki <dexter@debian.org> Tue, 3 Feb 2004 15:33:54 +0100
phpmyadmin (2.5.5-pl1-1) unstable; urgency=low
* New upstream release.
* Depends php4 or php4-cgi (>= 4.1.0) and suggests mysql-server (>= 3.23.36).
-- Piotr Roszatycki <dexter@debian.org> Wed, 28 Jan 2004 11:17:25 +0100
phpmyadmin (2.5.4-2) unstable; urgency=low
* Call modules-config rather than writing directly to modules.conf.
* Recommends: apache (>= 1.3.29.0.1-1), php4, php4-mysql
* Update Russian translation, closes: #221827.
-- Piotr Roszatycki <dexter@debian.org> Fri, 19 Dec 2003 18:58:27 +0100
phpmyadmin (2.5.4-1) unstable; urgency=low
* New official unstable release.
* Fixed apache.conf with IfModule directive.
* Closes bugs with pending tag:
o Fixed problem with password changes, closes: #216467
o Fixed print view for one table, closes: #149172
o Fixed grants for table contained backslash in its name, closes: #149416
o Can login with empty password, closes: #171784
o apache.conf includes DirectoryIndex directive, closes: #217100
o Can copy user grants/permissions to other user, closes: #152807
o Backs to browse listing after editing, closes: #168980
-- Piotr Roszatycki <dexter@debian.org> Fri, 7 Nov 2003 11:42:44 +0100
phpmyadmin (2.5.4-0.4) experimental; urgency=low
* Fixed another ucf bug.
-- Piotr Roszatycki <dexter@debian.org> Thu, 6 Nov 2003 19:45:31 +0100
phpmyadmin (2.5.4-0.3) experimental; urgency=low
* ucf should be called on "configure" action. YADA relative problem.
-- Piotr Roszatycki <dexter@debian.org> Tue, 4 Nov 2003 13:21:29 +0100
phpmyadmin (2.5.4-0.2) experimental; urgency=low
* modules-config hangs up if postinst uses debconf. Write to modules.conf
directly.
-- Piotr Roszatycki <dexter@debian.org> Fri, 31 Oct 2003 17:21:10 +0100
phpmyadmin (2.5.4-0.1) experimental; urgency=low
* New upstream release.
* ucf handles configuration files.
* Don't use wwwconfig-common.
* Handle Apache2 webserver.
* Works with new DebConfized Apache package.
-- Piotr Roszatycki <dexter@debian.org> Tue, 28 Oct 2003 15:45:34 +0100
phpmyadmin (2.5.3-1) unstable; urgency=low
* New upstream release.
-- Piotr Roszatycki <dexter@debian.org> Mon, 8 Sep 2003 10:37:07 +0200
phpmyadmin (2.5.2-pl1-1) unstable; urgency=low
* New upstream release.
* NEWS.Debian renamed to NEWS, closes: #204901.
-- Piotr Roszatycki <dexter@debian.org> Mon, 11 Aug 2003 22:21:18 +0200
phpmyadmin (2.5.2-2) unstable; urgency=high
* The upstream also fixes XSS vulnerabilities, information
encoding weakness and transversal directory attack. This was
mentioned in Debian.NEWS file only, not changelog.Debian file.
See http://www.securityfocus.com/archive/1/325641. Closes: #203092.
* CVS fix: another patch for path disclosure problem.
* CVS fix: a user could not edit his own global privileges.
-- Piotr Roszatycki <dexter@debian.org> Mon, 28 Jul 2003 09:39:11 +0200
phpmyadmin (2.5.2-1) unstable; urgency=low
* New upstream release
* French debconf translation, closes: #200724
* Generates /etc/phpmyadmin/blowfish_secret.inc.php in postinst script.
-- Piotr Roszatycki <dexter@debian.org> Thu, 24 Jul 2003 10:50:01 +0200
phpmyadmin (2.5.1-1) unstable; urgency=high
* New upstream release
* Fixes security problem. Prevent transversal directory attacks and remote
local directory listing with discovering directory content.
-- Piotr Roszatycki <dexter@debian.org> Sat, 28 Jun 2003 21:57:23 +0200
phpmyadmin (2.4.0-2) unstable; urgency=high
* Fixes bug introduced by previous fix. I don't know how I could upload
this crap. Sorry. Closes: #184214, #184544
-- Piotr Roszatycki <dexter@debian.org> Thu, 13 Mar 2003 02:14:05 +0100
phpmyadmin (2.4.0-1) unstable; urgency=low
* New upstream release
-- Piotr Roszatycki <dexter@debian.org> Mon, 10 Mar 2003 19:29:09 +0100
phpmyadmin (2.3.3pl1-1) unstable; urgency=low
* New upstream release
* phpMyAdmin can login without password and shows connection errors.
-- Piotr Roszatycki <dexter@debian.org> Thu, 5 Dec 2002 12:01:54 +0100
phpmyadmin (2.3.2-4) unstable; urgency=low
* Don't insert NULL value if textarea is not empty. Fix from CVS snapshot,
closes: #168979
-- Piotr Roszatycki <dexter@debian.org> Mon, 18 Nov 2002 19:17:14 +0100
phpmyadmin (2.3.2-3) unstable; urgency=low
* Missing libraries, closes: #166698
-- Piotr Roszatycki <dexter@debian.org> Mon, 4 Nov 2002 15:43:58 +0100
phpmyadmin (2.3.2-2) unstable; urgency=low
* Missing translators.html
-- Piotr Roszatycki <dexter@debian.org> Thu, 17 Oct 2002 10:32:49 +0200
phpmyadmin (2.3.2-1) unstable; urgency=low
* New upstream release, closes: #157915
+ phpMyAdmin showed that the one field is PRIMARY key even if no field
was PRIMARY, closes: #144362
+ Can dump table and field names with backquotes, closes: #144513
+ Fixed Russian translation, closes: #144617
+ Cookie path is autodetected, closes: #155108
* Now the absolute URI is autodetected, closes: #147714
* Spanish DebConf template, closes: #153071
-- Piotr Roszatycki <dexter@debian.org> Fri, 11 Oct 2002 12:46:29 +0200
phpmyadmin (2.2.6-1) unstable; urgency=low
* New upstream release
-- Piotr Roszatycki <dexter@debian.org> Mon, 22 Apr 2002 17:01:39 +0200
phpmyadmin (2.2.5-2.2.6-rc2-1) unstable; urgency=low
* New upstream release
* Fixed wwwconfig-common stuff, closes: #139986
-- Piotr Roszatycki <dexter@debian.org> Thu, 18 Apr 2002 11:44:44 +0200
phpmyadmin (2.2.5-2.2.6-rc1-2) unstable; urgency=low
* Fixed postrm for debconf if package is not configured yet.
-- Piotr Roszatycki <dexter@debian.org> Fri, 12 Apr 2002 12:12:22 +0200
phpmyadmin (2.2.5-2.2.6-rc1-1) unstable; urgency=low
* New upstream release
* Russian debconf template, closes: #137674
-- Piotr Roszatycki <dexter@debian.org> Thu, 11 Apr 2002 16:48:00 +0200
phpmyadmin (2.2.3-1) unstable; urgency=low
* New upstream release
-- Piotr Roszatycki <dexter@debian.org> Tue, 8 Jan 2002 13:02:45 +0100
phpmyadmin (2.2.2-2.2.3-dev-20011218-1) unstable; urgency=low
* New upstream release (CVS snapshot)
* This upstream release implements cookie based authentication. Finally :)
* Fixes 'Query empty' bug when ordering by a column, closes: #123459
* Fixes spelling error in description, closes: #125243
* Removed invalid command for PHP3 from apache.conf, closes: #122941
-- Piotr Roszatycki <dexter@debian.org> Mon, 17 Dec 2001 16:17:11 +0100
phpmyadmin (2.2.1-2.2.2-rc1-2) unstable; urgency=low
* Works with error_reporting=E_ALL, closes: #121328
* Turn on register_globals in apache.conf
-- Piotr Roszatycki <dexter@debian.org> Tue, 27 Nov 2001 11:10:59 +0100
phpmyadmin (2.2.1-2.2.2-rc1-1) unstable; urgency=medium
* New upstream release, closes: #118716
* New upstream fixes several security problems.
-- Piotr Roszatycki <dexter@debian.org> Wed, 21 Nov 2001 12:13:07 +0100
phpmyadmin (2.2.0-4) unstable; urgency=low
* Missing select_box() function added, required for multiserver config.
-- Piotr Roszatycki <dexter@debian.org> Mon, 1 Oct 2001 12:38:08 +0200
phpmyadmin (2.2.0-3) unstable; urgency=low
* User can login even if (s)he doesn't have privileges to mysql
database, really closes: #112099
* New yada, package should build from source.
* Remove CVS directories.
-- Piotr Roszatycki <dexter@debian.org> Tue, 18 Sep 2001 15:57:25 +0200
phpmyadmin (2.2.0-2) unstable; urgency=low
* Fixed typo in lib.inc.php, closes: #112099
* Compatibility with potato's mysql server
* Frameset is now resizable, applied patch from CVS
-- Piotr Roszatycki <dexter@debian.org> Tue, 18 Sep 2001 14:07:59 +0200
phpmyadmin (2.2.0-1) unstable; urgency=high
* New upstream release, closes: #70086, #104515
* Upstream changed to SourceForge project (http://phpmyadmin.sf.net).
* Security update, see SecurityFocus.
* Suggests: mysql-server, closes: #67547
* DebConf and wwwconfig-common for automatic webserver reconfiguration.
-- Piotr Roszatycki <dexter@debian.org> Fri, 31 Aug 2001 12:23:04 +0200
phpmyadmin (2.1.0.1-5) unstable; urgency=low
* Fixed edit after select action, thanks Werner Ammon.
* Fixed German translation.
-- Piotr Roszatycki <dexter@debian.org> Mon, 9 Jul 2001 17:37:46 +0200
phpmyadmin (2.1.0.1-4) unstable; urgency=high
* Security update, see: http://securityfocus.com/vdb/bottom.html?vid=2966
* Compiled with phpMyAdmin-SecureReality.diff patch from
http://www.securereality.com.au/srpre00001.html
* Added charset info to left.php
-- Piotr Roszatycki <dexter@debian.org> Mon, 9 Jul 2001 12:51:00 +0200
phpmyadmin (2.1.0.1-3) unstable; urgency=low
* German template file, closes: #99332
-- Piotr Roszatycki <dexter@debian.org> Thu, 31 May 2001 08:59:43 +0200
phpmyadmin (2.1.0.1-2) unstable; urgency=low
* Clean up debian/packages
* Renamed .php3 to .php, see Debconf note.
* Purging /etc/phpmyadmin in postrm
-- Piotr Roszatycki <dexter@debian.org> Mon, 21 May 2001 12:45:34 +0200
phpmyadmin (2.1.0.1-1) unstable; urgency=low
* New upstream release from unofficial source, see copyright info,
closes: #82506
* New yada
* Removed dependency on libmysqlclient
-- Piotr Roszatycki <dexter@debian.org> Mon, 29 Jan 2001 17:12:30 +0000
phpmyadmin (2.1.0-1) unstable; urgency=low
* php4-cgi added to Depends
* Standards-Version: 3.1.0
* New upstream release
-- Piotr Roszatycki <dexter@debian.org> Tue, 10 Oct 2000 18:17:07 +0200
phpmyadmin (2.0.5-2) unstable; urgency=low
* Suggests: mysql-doc
* Load mysql.so module if not loaded
* Set charset in META tag
* Minor changes in debian/ directory
-- Piotr Roszatycki <dexter@debian.org> Mon, 10 Jul 2000 12:43:41 +0200
phpmyadmin (2.0.5-1) frozen unstable; urgency=medium
* This upstream source allows creating tables, closes: #53751
* New upstream release
-- Piotr Roszatycki <dexter@debian.org> Thu, 10 Feb 2000 19:09:11 +0100
phpmyadmin (2.0.4-3) unstable; urgency=low
* Polish translation in polish.inc.php3
* Slightly modified README.Debian
* New feature: logout.php3; required by Netscape browser.
* Suggests: mysql-doc; modified default conffile and sources.
* Depends: php4, php4-mysql; minor changes in debian/*.dpatch files.
-- Piotr Roszatycki <dexter@debian.org> Sat, 27 Nov 1999 14:32:24 +0100
phpmyadmin (2.0.4-2) unstable; urgency=low
* yada 0.8
* moved to main archive
-- Piotr Roszatycki <dexter@debian.org> Sat, 6 Nov 1999 23:33:59 +0100
phpmyadmin (2.0.4-1) unstable; urgency=low
* /usr/doc/... symlink.
* Removed some debhelper's constructions
* README.Debian in dpatch file.
* New option in config file: verbose.
* New language: Portuguese.
* New upstream release.
-- Piotr Roszatycki <dexter@debian.org> Mon, 18 Oct 1999 19:09:48 +0200
phpmyadmin (2.0.3-1) unstable; urgency=low
* Initial Debian version.
-- Piotr Roszatycki <dexter@debian.org> Wed, 25 Aug 1999 21:32:14 +0200