Description: "phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server." There is no fix upstream so we just have to wait.
Package list is empty or all packages have requested keywords.
Upstream says: "I haven't seen any positive feedback from folks with regards to testing the patch to verify its suitability and/or making sure it isn't breaking anything else." Maybe it's time we added the patches for testing?
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=28ff884ee447917d218180c379481502215316bb

commit 28ff884ee447917d218180c379481502215316bb
Author:     Francisco Javier Félix <web@inode64.com>
AuthorDate: 2023-09-18 09:16:35 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2023-09-23 16:16:11 +0000

    dev-db/phppgadmin: update to 7.14.5 and support for PHP 8.x

    * Support for PHP 8.x
    * use a new fork, the old one has not been updated for 2 years
    * remove old versions, they are incompatible with PHP 8.x

    Closes: https://bugs.gentoo.org/762514
    Signed-off-by: INODE64 <web@inode64.com>
    Closes: https://github.com/gentoo/gentoo/pull/32895
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 dev-db/phppgadmin/Manifest | 3 +--
 dev-db/phppgadmin/metadata.xml | 2 +-
 dev-db/phppgadmin/phppgadmin-7.12.1.ebuild | 38 ------------------------------
 dev-db/phppgadmin/phppgadmin-7.13.0.ebuild | 38 ------------------------------
 dev-db/phppgadmin/phppgadmin-7.14.5.ebuild | 38 ++++++++++++++++++++++++++++++
 5 files changed, 40 insertions(+), 79 deletions(-)