Summary: | <dev-db/phpmyadmin-{4.9.6,5.0.3}: multiple vulnerabilities (CVE-2020-{26934,26935}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | filip.ambroz, jmbsvicetto, toto, web-apps |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.phpmyadmin.net/security/PMASA-2020-5/ | ||
Whiteboard: | B2 [glsa+ cve] | ||
Package list: | dev-db/phpmyadmin-4.9.6 |
Runtime testing required: | --- |
Description
filip ambroz
2020-10-11 12:20:50 UTC
Package atom in summary should not be versioned until those versions are in tree.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/dev/jmbsvicetto.git/commit/?id=db9b00696f52941c510bfa1e068038df67f7f7c5

commit db9b00696f52941c510bfa1e068038df67f7f7c5
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-10-14 16:01:24 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-10-14 16:01:24 +0000

    dev-db/phpmyadmin: Security bump (4.9.6, 5.0.3). CVE-2020-{26934,26935}

    Bug: https://bugs.gentoo.org/747805
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest               |  2 +
 dev-db/phpmyadmin/phpmyadmin-4.9.6.ebuild | 61 +++++++++++++++++++++++++++++++
 dev-db/phpmyadmin/phpmyadmin-5.0.3.ebuild | 61 +++++++++++++++++++++++++++++++
 3 files changed, 124 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8607d3bd46a14bb879f65b3888078562d11a3ef

commit a8607d3bd46a14bb879f65b3888078562d11a3ef
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-10-14 16:12:21 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-10-14 16:14:53 +0000

    dev-db/phpmyadmin: Security bump (4.9.6, 5.0.3). CVE-2020-{26934,26935}

    Bug: https://bugs.gentoo.org/747805
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest               |  2 +
 dev-db/phpmyadmin/phpmyadmin-4.9.6.ebuild | 61 +++++++++++++++++++++++++++++++
 dev-db/phpmyadmin/phpmyadmin-5.0.3.ebuild | 61 +++++++++++++++++++++++++++++++
 3 files changed, 124 insertions(+)

Thanks Jorge, please stabilize 4.9.6 when ready.

Ready?

x86 stable

amd64 done

ppc stable

sparc stable

ppc64 stable. Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3397ead58a8062f38ef33150e4d6fd8a2123b09c

commit 3397ead58a8062f38ef33150e4d6fd8a2123b09c
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-11-19 19:18:49 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-11-19 19:18:49 +0000

    dev-db/phpmyadmin: Cleanup vulnuerable releases.

    Bug: https://bugs.gentoo.org/747805
    Package-Manager: Portage-3.0.6, Repoman-3.0.1
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest               |  1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.5.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)

New GLSA request filed.

4.9.6 doesn't work with php 5.6, bump to 4.9.7

Fixes this version:
* Two factor authentication was broken
* Incompatibilities with older PHP versions.

This issue was resolved and addressed in GLSA 202101-35 at https://security.gentoo.org/glsa/202101-35 by GLSA coordinator Aaron Bauman (b-man).