Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 593582 (CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609, CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613, CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617, CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6622, CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626, CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630, CVE-2016-6631, CVE-2016-6632, CVE-2016-6633) - <dev-db/phpmyadmin-{4.0.10.17,4.4.15.8,4.6.4}: multiple vulnerabilities
Summary: <dev-db/phpmyadmin-{4.0.10.17,4.4.15.8,4.6.4}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609, CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613, CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617, CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6622, CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626, CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630, CVE-2016-6631, CVE-2016-6632, CVE-2016-6633
Product: Gentoo Linux
Classification: Unclassified
Component: Stabilization (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://www.phpmyadmin.net/news/2016/...
Whiteboard: B3 [glsa cve]
Keywords:
Depends on:
Blocks: CVE-2016-5097, CVE-2016-5098, CVE-2016-5099, CVE-2016-5701, CVE-2016-5702, CVE-2016-5703, CVE-2016-5704, CVE-2016-5705, CVE-2016-5706, CVE-2016-5730, CVE-2016-5731, CVE-2016-5732, CVE-2016-5733, CVE-2016-5734, CVE-2016-5739
  Show dependency tree
 
Reported: 2016-09-12 12:10 UTC by Jorge Manuel B. S. Vicetto (RETIRED)
Modified: 2017-01-11 13:15 UTC (History)
1 user (show)

See Also:
Package list:
=dev-db/phpmyadmin-4.0.10.17 =dev-db/phpmyadmin-4.4.15.8
Runtime testing required: ---
stable-bot: sanity-check-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jorge Manuel B. S. Vicetto (RETIRED) gentoo-dev 2016-09-12 12:10:09 UTC 
From ${URL} :

The phpMyAdmin team announces the release of versions 4.0.10.17 (security fixes), 4.4.15.8 (security fixes), and 4.6.4 (security and bug fixes).

These release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/.

Aside from the security fixes, bugs have been fixed in version 4.6.4 affecting:

  Create view when no view name specified
  Changing a password
  Fix deleting of users with non-English locales
  Fixed password change on MariaDB without auth plugin
  and more

The ebuilds for the new releases are already in the tree[1]

 [1] - https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=84db43ac66e56231e2a50b978dabb33368cc4c1b
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-09-12 22:37:45 UTC 
v4.4.15.6:
https://www.phpmyadmin.net/news/2016/5/26/phpmyadmin-security-notifications-and-44156-released/

CVE-2016-5097
CVE-2016-5098
CVE-2016-5099


v4.4.15.7:
https://www.phpmyadmin.net/news/2016/6/23/phpmyadmin-401016-44157-and-463-are-released/

CVE-2016-5701
CVE-2016-5702
CVE-2016-5703
CVE-2016-5704
CVE-2016-5705
CVE-2016-5706
CVE-2016-5730
CVE-2016-5731
CVE-2016-5732
CVE-2016-5733
CVE-2016-5734
CVE-2016-5739


v4.4.15.8:
https://www.phpmyadmin.net/news/2016/8/16/phpmyadmin-401017-44158-and-464-are-released/

CVE-2016-6606
CVE-2016-6607
CVE-2016-6608
CVE-2016-6609
CVE-2016-6610
CVE-2016-6611
CVE-2016-6612
CVE-2016-6613
CVE-2016-6614
CVE-2016-6615
CVE-2016-6616
CVE-2016-6617
CVE-2016-6618
CVE-2016-6619
CVE-2016-6620
CVE-2016-6622
CVE-2016-6623
CVE-2016-6624
CVE-2016-6625
CVE-2016-6626
CVE-2016-6627
CVE-2016-6628
CVE-2016-6629
CVE-2016-6630
CVE-2016-6631
CVE-2016-6632
CVE-2016-6633





@arch teams:

Can you please add stable keywords for
=dev-db/phpmyadmin-4.0.10.17
=dev-db/phpmyadmin-4.4.15.8

Desired keywords:
KEYWORDS="alpha amd64 hppa ~ia64 ppc ppc64 sparc x86 ~x86-fbsd ~ppc-macos ~x64-macos ~x86-macos"
Comment 2 Agostino Sarubbo gentoo-dev 2016-09-13 12:03:23 UTC 
amd64 stable
Comment 3 Tobias Klausmann (RETIRED) gentoo-dev 2016-09-17 09:52:07 UTC 
Stable on alpha.
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-24 07:06:37 UTC 
Stable for HPPA.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-24 08:15:49 UTC 
Stable for HPPA PPC64.
Comment 6 Agostino Sarubbo gentoo-dev 2016-12-13 11:33:03 UTC 
x86 stable
Comment 7 Agostino Sarubbo gentoo-dev 2016-12-28 08:55:08 UTC 
Dear Maintainer (or who is mainly involved in this stable request),

This is an auto-generated message that will move the current component to the new component Stabilization.
To ensure that the stabilization will proceed correctly, please fill the fields "Atoms to stabilize" and "Runtime testing required" as described here:
https://archives.gentoo.org/gentoo-dev/message/4b2ef0e9aa7588224b8ae799c5fe31fa
Comment 8 Stabilization helper bot gentoo-dev 2017-01-04 09:23:59 UTC 
An automated check of this bug failed - the following atom is unknown:

dev-db/phpmyadmin-4.0.10.17

Please verify the atom list.
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-10 14:44:47 UTC 
Added to existing GLSA.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2017-01-11 13:15:33 UTC 
This issue was resolved and addressed in
 GLSA 201701-32 at https://security.gentoo.org/glsa/201701-32
by GLSA coordinator Aaron Bauman (b-man).