Summary: | dev-db/phpmyadmin-2.6.1-pl2 incorrectly grants wildcard privileges on databases with underscore in their name
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Jakub Moc (RETIRED) <jakub>
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | minor
Priority: | High
CC: | ka0ttic, lewk, mholzer, twp
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://bugs.gentoo.org/show_bug.cgi?id=83163
Whiteboard: | B3 [glsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: |
Bug Blocks: | 83190

Description
Jakub Moc (RETIRED)
2005-03-02 02:53:38 UTC
Apparently fixed in upstream: http://cvs.sourceforge.net/viewcvs.py/phpmyadmin/phpMyAdmin/server_privileges.php?r1=2.40&r2=2.42

Reporter: please try to apply patch and check it fixes the problem.

twp: we might need a new bump before releasing GLSA :)

Affirmative, captain. ;-)

GRANT ALL PRIVILEGES ON `test\_db` . * TO 'test'@'localhost';

Now I can finally have some sleep. Thank you very much!

Martin (mholzer) -- Could you bump this please? I won't have time to look at this until Monday evening at the earliest. Could you take maintainership of phpmyadmin?

Cheers,
Tom

2.6.1_p2-r1 is in cvs, stable x86. CC'd archs please stable.

Created attachment 52466
failed patch
This patch does not work - see attachment
* Applying 2.6.1_p2-no-wildcard-privs-for-you.patch ...
* Failed Patch: 2.6.1_p2-no-wildcard-privs-for-you.patch!
*
* Include in your bugreport the contents of:
*
* /var/tmp/portage/phpmyadmin-2.6.1_p2-r1/temp/2.6.1_p2-no-wildcard-privs-for-you.patch-32018.out

Created attachment 52467
working patch
Note the redundant path phpmyadmin/phpMyAdmin/ was stripped. ;-)
Also note that the post-install instructions are now wrong again (version changed)

1. Update MySQL's grant tables and the pmadb database:
mysql -u root -p < /usr/share/webapps/phpmyadmin/2.6.1_p2/sqlscripts/mysql/2.6.1_p2_create.sql

Aaron: patch fails, see above

Actually it has nothing to do with the patch. As I originally thought it's due to the $Id: $ change in the source file. cvs sees this and automatically updates the timestamp, thus causing the patch to fail. I've had to patch the sources then change the $Id back then re-diff ;)

Fixed. I've also updated the ebuild to automatically update the postinst-en.txt file that gets installed so that PVR is set correctly.

err s/patch/paths/

OK, it works now. :-)

Arches, please mark latest stable

Stable on ppc.

stable on amd64

Stable on SPARC.

Stable on alpha.

GLSA 200503-07

This bug should also be fixed in phpMyAdmin-2.6.1-pl3.

*** Bug 85556 has been marked as a duplicate of this bug. ***

ebuild no longer in portage.
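An added example, not part of the bug report or of phpMyAdmin's code: a small audit that flags database-level grants whose database name contains an unescaped `_` or `%` (MySQL treats both as wildcards in that position) and lists which other databases the grant also covers. The function names, the sample grant lines and the sample database list are constructed for illustration; grant lines are assumed to look like the one quoted in the thread, and name matching is assumed to be case-sensitive.

```python
import re

# Database-level grant as quoted in the thread: GRANT ... ON `db` . * TO 'u'@'h';
GRANT_RE = re.compile(
    r"^GRANT .+? ON `(?P<db>[^`]+)`\s*\.\s*\* TO (?P<who>'[^']*'@'[^']*')")

def unescape(pattern):
    """Drop the backslash from \\_ and \\% to recover the literal name."""
    return re.sub(r"\\([_%])", r"\1", pattern)

def escape_db_name(name):
    """Escape _ and % so a grant names exactly one database."""
    return re.sub(r"([_%])", r"\\\1", name)

def has_bare_wildcard(pattern):
    """True if any _ or % remains once escaped pairs are removed."""
    return bool(re.search(r"[_%]", re.sub(r"\\[_%]", "", pattern)))

def to_regex(pattern):
    """Bare _ matches one character, bare % any run; escaped ones are literal."""
    conv = {"_": ".", "%": ".*"}
    parts = re.findall(r"\\[_%]|.", pattern, re.S)
    body = "".join(conv.get(p) or re.escape(p[-1]) for p in parts)
    return re.compile(body + r"\Z", re.S)

def audit(grant_lines, existing_dbs):
    """Return one finding per grant whose database name acts as a wildcard."""
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or not has_bare_wildcard(m["db"]):
            continue
        rx, intended = to_regex(m["db"]), unescape(m["db"])
        findings.append({
            "grantee": m["who"],
            "pattern": m["db"],
            "also_matches": sorted(
                d for d in existing_dbs if rx.match(d) and d != intended),
            "escaped": escape_db_name(intended),
        })
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE_GRANTS = [
    r"GRANT ALL PRIVILEGES ON `test_db` . * TO 'test'@'localhost';",
    r"GRANT ALL PRIVILEGES ON `test\_db` . * TO 'test2'@'localhost';",
    r"GRANT USAGE ON *.* TO 'test'@'localhost';",
]
SAMPLE_DBS = ["test_db", "testXdb", "test1db", "testdb", "other"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_GRANTS, SAMPLE_DBS):
        print(finding)
```

Only the first sample grant is reported; the second uses the escaped form shown in the thread and the third is not a database-level grant.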