Hi,
We are sorry to report that the release of 2.6.1-pl1 introduced an instability, producing various problems. This has been fixed, and here is 2.6.1-pl2.
See http://www.phpmyadmin.net.
Marc Delisle, for the team
Hi
On Thu 24. 2. 2005 20:28, Marc Delisle wrote:
We are sorry to report that the release of 2.6.1-pl1 introduced an instability, producing various problems. This has been fixed, and here is 2.6.1-pl2.
Will you write also security announcement?
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
I have only slight problem with 2.4.0 and older where we used code:
if (!empty($_GET)) { extract($_GET, EXTR_OVERWRITE); } else if (!empty($HTTP_GET_VARS)) { extract($HTTP_GET_VARS, EXTR_OVERWRITE); } // end if
Will it work if I change EXTR_OVERWRITE to EXTR_SKIP or do I have to backport all logic from newer version?
Michal Čihař a écrit :
Hi
On Thu 24. 2. 2005 20:28, Marc Delisle wrote:
We are sorry to report that the release of 2.6.1-pl1 introduced an instability, producing various problems. This has been fixed, and here is 2.6.1-pl2.
Will you write also security announcement?
Yes, PMASA-2005-1 is already on-line, PMASA-2005-2 is being written (about path disclosure). When PMASA-2005-2 is on-line, I will send a email on the lists about both announcements.
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
Good! Can you work on patching 2.2.7-pl1 for a -pl2? Do you have a PHP3 system on-line to test it?
I have only slight problem with 2.4.0 and older where we used code:
if (!empty($_GET)) { extract($_GET, EXTR_OVERWRITE); } else if (!empty($HTTP_GET_VARS)) { extract($HTTP_GET_VARS, EXTR_OVERWRITE); } // end ifWill it work if I change EXTR_OVERWRITE to EXTR_SKIP or do I have to backport all logic from newer version?
I don't remember this old code but I would say it's safer to backport the whole logic.
Marc
On Fri 25. 2. 2005 16:16, Marc Delisle wrote:
Michal Čihař a écrit :
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
Good!
Available here: http://www.cihar.com/phpMyAdmin/security-backports/
Michal Čihař a écrit :
On Fri 25. 2. 2005 16:16, Marc Delisle wrote:
Michal Čihař a écrit :
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
Good!
Available here: http://www.cihar.com/phpMyAdmin/security-backports/
Interesting! Do you plan to include 2.2.7 as well?
Marc
On Fri 25. 2. 2005 17:02, Marc Delisle wrote:
Michal Čihař a écrit :
On Fri 25. 2. 2005 16:16, Marc Delisle wrote:
Michal Čihař a écrit :
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
Good!
Available here: http://www.cihar.com/phpMyAdmin/security-backports/
Interesting! Do you plan to include 2.2.7 as well?
No I have no need to do this ;-). And no access to php3 server to test it.
All these were needed to provide security updates for SUSE, where I work.
On Fri 25. 2. 2005 16:16, Marc Delisle wrote:
Michal Čihař a écrit :
Side note: I'm anyway fixing phpMyAdmin for older SUSE distributions, so I can provide patches for some older version if wanted.
Good! Can you work on patching 2.2.7-pl1 for a -pl2? Do you have a PHP3 system on-line to test it?
No, I fixed only 2.4.0 and several newer versions.
I have only slight problem with 2.4.0 and older where we used code:
if (!empty($_GET)) { extract($_GET, EXTR_OVERWRITE); } else if (!empty($HTTP_GET_VARS)) { extract($HTTP_GET_VARS, EXTR_OVERWRITE); } // end ifWill it work if I change EXTR_OVERWRITE to EXTR_SKIP or do I have to backport all logic from newer version?
I don't remember this old code but I would say it's safer to backport the whole logic.
I did exactly this, it looks safer.
-
Marc Delisle -
Michal Čihař