The annotated tag, RELEASE_2_11_10_1 has been created
at acb28084b99d21da7f6a49cbac70097d51e897e7 (tag)
tagging b1cb5590eefd2977bdb3a6e45796d5a4189e95ad (commit)
replaces RELEASE_2_11_10
tagged by Michal Čihař
on Fri Aug 20 13:47:26 2010 +0200
- Log -----------------------------------------------------------------
Released 2.11.10.1
Herman van Rink (1):
Fix XSS on error with very long query.
Marc Delisle (1):
Fix XSS on delimiter in db_sql.php.
Michal Čihař (17):
Fix XSS on delimiter in tbl_sql.php.
Secure handling of sort_by and sort_order in server_databases.php.
Fix handling of unknown sort order.
Add option to escape PMA_sanitize output.
Escape html chars in form values.
Document PMA_sanitize.
Fix XSS on dbname.
Fix XSS on tablename and pred_tablename.
Fix XSS on username.
Fix XSS on hostname.
Properly escape key name when generating config file.
Fix XSS with $cfg['SQP']['fmtType'] = 'text'.
Fix possible XSS on IIS redirect page.
Avoid information disclosure on error.
Escape error message coming from MySQL to avoid XSS on bad parameters.
Changelog.
Set version to 2.11.10.1.
-----------------------------------------------------------------------
hooks/post-receive
--
phpMyAdmin
The branch, master has been updated
via a20fe8aefed968b4ce51ac258197e5fa61fbc6a7 (commit)
from 6f2e601a4540541517e2f44286c4debb69fd48bb (commit)
- Log -----------------------------------------------------------------
commit a20fe8aefed968b4ce51ac258197e5fa61fbc6a7
Author: Michal Čihař <mcihar(a)novell.com>
Date: Fri Aug 20 14:03:17 2010 +0200
Add security announcements.
-----------------------------------------------------------------------
Summary of changes:
templates/security/{PMASA-2009-3 => PMASA-2010-4} | 30 ++++---
templates/security/PMASA-2010-5 | 87 +++++++++++++++++++++
2 files changed, 105 insertions(+), 12 deletions(-)
copy templates/security/{PMASA-2009-3 => PMASA-2010-4} (51%)
create mode 100644 templates/security/PMASA-2010-5
diff --git a/templates/security/PMASA-2009-3 b/templates/security/PMASA-2010-4
similarity index 51%
copy from templates/security/PMASA-2009-3
copy to templates/security/PMASA-2010-4
index 218cb14..0dd4a22 100644
--- a/templates/security/PMASA-2009-3
+++ b/templates/security/PMASA-2010-4
@@ -1,11 +1,11 @@
<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
<py:def function="announcement_id">
-PMASA-2009-3
+PMASA-2010-4
</py:def>
<py:def function="announcement_date">
-2009-03-24
+2010-08-20
</py:def>
<py:def function="announcement_summary">
@@ -14,9 +14,9 @@ Insufficient output sanitizing when generating configuration file.
<py:def function="announcement_description">
-Setup script used to generate configuration can be fooled using a crafted POST
+The setup script used to generate configuration can be fooled using a crafted POST
request to include arbitrary PHP code in generated configuration file.
-Combined with ability to save files on server, this can allow unauthenticated
+Combined with the ability to save files on the server, this can allow unauthenticated
users to execute arbitrary PHP code.
</py:def>
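Review bot: the description in this hunk is the PMASA-2009-3 text with only article fixes ("The setup script", "the ability", "the server"), while the advisory now carries a new id, date, reporter and CVE (CVE-2010-3055); confirm the wording still describes the 2010 issue, which the release tag log records as "Properly escape key name when generating config file.", and not only the 2009 one. While here, the unchanged line "include arbitrary PHP code in generated configuration file" would read better as "in the generated configuration file".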
@@ -27,28 +27,34 @@ We consider this vulnerability to be critical.
<py:def function="announcement_mitigation">
Additional steps from administrator are required to actually exploit this
-issue (web server writable config directory has to be created).
+issue (a web server writable config directory has to be created).
</py:def>
<py:def function="announcement_affected">
-For 2.11.x: versions before 2.11.9.5.<br />
-For 3.x: versions before 3.1.3.1.<br />
+For 2.11.x: versions before 2.11.10.1.
+</py:def>
+
+<py:def function="announcement_unaffected">
+Branch 3.x is not affected by this.
</py:def>
<py:def function="announcement_solution">
-Upgrade to phpMyAdmin 2.11.9.5 or 3.1.3.1 or apply patch listed below.
+Upgrade to phpMyAdmin 2.11.10.1 or apply the patch listed below.
</py:def>
-<py:def function="announcement_patches">
-<a href="http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revisi…">Revision 12301</a> was applied on all branches.
+<py:def function="announcement_commits_2_11">
+30c83acddb58d3bbf940b5f9ec28abf5b235f4d2
</py:def>
<py:def function="announcement_references">
-Thanks to Greg Ose (Neohapsis), who has discovered this issue and reported it to us.
+Thanks to Takeshi Terada of Mitsui Bussan Secure Directions, Inc., who has
+discovered this issue and reported it to us. See the <a
+href="https://sourceforge.net/tracker/?func=detail&aid=3045132&group_id=2…">reported
+bug</a> for more details.
</py:def>
-<py:def function="announcement_cve">CVE-2009-1151</py:def>
+<py:def function="announcement_cve">CVE-2010-3055</py:def>
<xi:include href="_page.tpl" />
</html>
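Review bot: the tracker link added in the announcement_references block is cut off with an ellipsis in this mail ("&group_id=2…"), so check that the committed template carries the full URL and that the `&` in its query string is written as `&amp;`: this file is a Genshi XML template (note the xmlns:py on the root element), and a bare ampersand inside an attribute value is not well-formed XML. Two smaller points: the unchanged mitigation line "Additional steps from administrator are required" should read "from the administrator"; and the old announcement_patches block with its SourceForge revision link is replaced by announcement_commits_2_11 holding one commit hash, which is consistent with the single "Properly escape key name when generating config file." commit in the 2.11.10.1 tag log, with the new announcement_unaffected block stating that 3.x is not affected.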
diff --git a/templates/security/PMASA-2010-5 b/templates/security/PMASA-2010-5
new file mode 100644
index 0000000..cb7b2bb
--- /dev/null
+++ b/templates/security/PMASA-2010-5
@@ -0,0 +1,87 @@
+<html xmlns:py="http://genshi.edgewall.org/" xmlns:xi="http://www.w3.org/2001/XInclude" py:strip="">
+
+<py:def function="announcement_id">
+PMASA-2010-5
+</py:def>
+
+<py:def function="announcement_date">
+2010-08-20
+</py:def>
+
+<py:def function="announcement_summary">
+Several XSS vulnerabilities were found in the code.
+</py:def>
+
+<py:def function="announcement_description">
+It was possible to conduct a XSS attack using crafted URLs or POST parameters on several pages.
+</py:def>
+
+<py:def function="announcement_severity">
+We consider this vulnerability to be serious.
+</py:def>
+
+<py:def function="announcement_mitigation">
+If the auth_type directive is set to 'config' and the directory is not protected,
+these attacks are more likely to succeed; otherwise, an attacker would need to obtain a
+valid token via another flaw on the server to be able to exploit these vulnerabilities.
+</py:def>
+
+<py:def function="announcement_affected">
+For 2.11.x: versions before 2.11.10.1 are affected.<br />
+For 3.x: versions before 3.3.5.1 are affected.
+</py:def>
+
+<py:def function="announcement_solution">
+Upgrade to phpMyAdmin 3.3.5.1 or 2.11.10.1 or newer or apply patch listed below.
+</py:def>
+
+<py:def function="announcement_references">
+Thanks to Aung Khant from <a href="http://yehg.net">YGN Ethical Hacker Group,
+Myanmar</a> for reporting this issue. See <a
+href="http://yehg.net/lab/pr0js/advisories/phpmyadmin/%5Bphpmyadmin-3.3.5%5D_cros…">their
+advisory</a> for more details. After this report the team did audit the code as well
+and discovered more issues which are fixed as well.
+</py:def>
+
+<py:def function="announcement_cve">CVE-2010-3056</py:def>
+
+<py:def function="announcement_commits">
+48e909660032ddcbc13172830761e363e7a64d72
+be0f47a93141e2950ad400b8d22a2a98512825c2
+cd205cc55a46e3dc0f8883966f5c854f842e1000
+7dc6cea06522b2d4af50934c983f3967540a4918
+6028221d97efa2a7d56a61ab4c5750d1b2343619
+2a1233b69ccc6c64819c2840ca5277c2dde0b9e0
+fa30188dde357426d339d0d7e29a3969f88d188a
+00add5c43f594f80dab6304a5bb35d2e50540d2d
+c75e41d5d8cdd9bbc745c8cbe2c16998fda1de0c
+533e10213590e7ccd83b98a5cd19ba1c3be119dd
+ea3b718fc379c15e773cc2f18ea4c8ccfa9af57b
+7f266483b827fb05a4be11663003418c2ef1c878
+5bcd95a42c8ba924d389eafee4d7be80bd4039a3
+6d548f7d449b7d4b796949d10a503484f63eaf82
+d2e0e09e0d402555a6223f0b683fdbfa97821a63
+f273e6cbf6e2eea7367f7ef9c63c97ea55b92ca0
+bf60ec82e948450ae18b9e66c48d27da55ebe860
+59b3b4916b31fa44f31b1e2d243ca7dda012ba37
+</py:def>
+
+<py:def function="announcement_commits_2_11">
+a7c004d8d4069ca3c7d1c221f37b9cab39e36aaf
+8b7f07cd954221f276ab11e2c3d98f18deb2f551
+1fe1aa6c0e2d85bed1343f4be21d672368e0a9c1
+8b8ce64792bb981cefc37a19f29f28f112df1c16
+a4a54da173440d4c5097aececef56c28c14dc52e
+c69fca50ee81ff74cda860aad339d4185d32e194
+c910f4c9ec9af876675d96df3fa65d7fc4551cc6
+08e27b89077df26a0f7f0390322bbe80e0437aa1
+110c44a7a3117b94b065742606cc6f7bc05f8cd5
+4951fd1c854d88e22935fd55d342fcb1670dc8e4
+4a50055d52cb1d6ba125b743b0eb422d5549b9c9
+0fd0512c9b7344abad60ab9effb7b7537b2b5d08
+2051a861f8a968dafc297650036cc7e640a18887
+a88dbaf305a44107ffb557e9d93512792744af84
+</py:def>
+
+<xi:include href="_page.tpl" />
+</html>
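Review bot: the announcement_mitigation block states the condition under which the attacks are easier (auth_type set to 'config' and an unprotected directory) but not the mitigation itself; state it explicitly, for example use an auth_type other than 'config' or protect the phpMyAdmin directory, so that an attacker needs a valid token as the following sentence already says. Wording: "a XSS attack" should be "an XSS attack"; "apply patch listed below" should be "apply the patch listed below", matching the fix made to the same sentence in PMASA-2010-4 in this commit; and "did audit the code as well and discovered more issues which are fixed as well" repeats "as well" and could read "the team also audited the code and fixed the further issues it found". As in the other template, the advisory href in announcement_references appears cut off with an ellipsis in this mail; verify the full URL in the committed file.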
hooks/post-receive
--
phpMyAdmin website
The branch, master has been updated
via 6f2e601a4540541517e2f44286c4debb69fd48bb (commit)
from e8746e3b67e8db3d9cf9edd4498cc0542c7372ef (commit)
- Log -----------------------------------------------------------------
commit 6f2e601a4540541517e2f44286c4debb69fd48bb
Author: Michal Čihař <mcihar(a)novell.com>
Date: Fri Aug 20 12:11:54 2010 +0200
Fix link.
-----------------------------------------------------------------------
Summary of changes:
templates/downloads.tpl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/templates/downloads.tpl b/templates/downloads.tpl
index 9caf150..1c0b330 100644
--- a/templates/downloads.tpl
+++ b/templates/downloads.tpl
@@ -71,7 +71,7 @@
<h2>Older Releases</h2>
<p>
You can find some older releases on <a
- href="https://sourceforge.net/project/showfiles.php?group_id=23067&package_id…">SourceForge
+ href="https://sourceforge.net/projects/phpmyadmin/files/">SourceForge
files page</a>. Releases which had security issues are removed from this
download location, if you want to see them, you need to get them from our
Subversion repository (check <a href="${base_url}improve.${file_ext}#devel">developer information</a> for instructions).
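Review bot: the link fix itself is fine (the new URL also drops the package_id filter and the bare `&` of the old query string), but the unchanged context sentence "Releases which had security issues are removed from this download location, if you want to see them, you need to get them from our Subversion repository" is a comma splice; split it after "download location" so it reads "If you want to see them, you need to get them from our Subversion repository".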
hooks/post-receive
--
phpMyAdmin website
The branch, master has been updated
via 5f837f08c982eff232c52ab8f38e53f5d9a83e90 (commit)
via a29323a1a6d1a3d4e65d80f0719b4199c18c3f4a (commit)
from 0dbb216682fbf7cd6bc42a001ff17c5fde4a82eb (commit)
- Log -----------------------------------------------------------------
commit 5f837f08c982eff232c52ab8f38e53f5d9a83e90
Merge: 0dbb216682fbf7cd6bc42a001ff17c5fde4a82eb a29323a1a6d1a3d4e65d80f0719b4199c18c3f4a
Author: Michal Čihař <mcihar(a)novell.com>
Date: Fri Aug 20 11:02:50 2010 +0200
Merge branch 'QA_3_3'
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
Documentation.html | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 4b6bda7..03d58c4 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -116,6 +116,7 @@ $Id$
- bug #3040226 [XHTML] LockFromUpdate checkbox not checked by default
- bug [doc] Withdraw or edit FAQ entries related to older MySQL or PHP
- bug #3042706 [pmadb] Relations, bookmarks, etc deleted after table drop
+- bug #3044189 [doc] Cleared documentation for hide_db.
3.3.5.0 (2010-07-26)
- patch #2932113 [information_schema] Slow export when having lots of
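Review bot: "Cleared documentation for hide_db" reads as if the documentation was removed; the Documentation.html change in this same commit anchors the example pattern, so "Clarified documentation for hide_db" states what was actually done.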
diff --git a/Documentation.html b/Documentation.html
index 2238acf..a782847 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -849,7 +849,7 @@ since this link provides funding for phpMyAdmin.
For example, to hide all databases starting with the letter "a", use<br />
<pre>$cfg['Servers'][$i]['hide_db'] = '^a';</pre>
and to hide both "db1" and "db2" use <br />
- <pre>$cfg['Servers'][$i]['hide_db'] = '(db1|db2)';</pre>
+ <pre>$cfg['Servers'][$i]['hide_db'] = '^(db1|db2)$';</pre>
More information on regular expressions can be found in the
<a href="http://php.net/manual/en/reference.pcre.pattern.syntax.php">
PCRE pattern syntax</a> portion of the PHP reference manual.
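Review bot: anchoring the pattern as '^(db1|db2)$' is the right fix, but the surrounding text still says only "to hide both "db1" and "db2" use"; a sentence explaining why the anchors matter would help administrators who adapt the example, since hide_db is a PCRE pattern matched against database names and the unanchored '(db1|db2)' also matches any name containing db1 or db2 (db10 or mydb2, for instance), hiding more databases than intended. The first example '^a' correctly keeps no end anchor because it is meant to match every name starting with "a".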
hooks/post-receive
--
phpMyAdmin
The branch, QA_3_3 has been updated
via a29323a1a6d1a3d4e65d80f0719b4199c18c3f4a (commit)
from e8cf1ac6773cf868ff79ed286494ea13b58da528 (commit)
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 1 +
Documentation.html | 2 +-
2 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index a2a7ed9..8079e70 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -16,6 +16,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #3040226 [XHTML] LockFromUpdate checkbox not checked by default
- bug [doc] Withdraw or edit FAQ entries related to older MySQL or PHP
- bug #3042706 [pmadb] Relations, bookmarks, etc deleted after table drop
+- bug #3044189 [doc] Cleared documentation for hide_db.
3.3.5.0 (2010-07-26)
- patch #2932113 [information_schema] Slow export when having lots of
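Review bot: this is the same entry as in the master ChangeLog hunk of the merge above, and the same wording point applies: "Cleared documentation for hide_db" suggests removal, while "Clarified documentation for hide_db" describes the anchoring change made to the example pattern in Documentation.html.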
diff --git a/Documentation.html b/Documentation.html
index 2391afb..bfe5bb7 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -834,7 +834,7 @@ since this link provides funding for phpMyAdmin.
For example, to hide all databases starting with the letter "a", use<br />
<pre>$cfg['Servers'][$i]['hide_db'] = '^a';</pre>
and to hide both "db1" and "db2" use <br />
- <pre>$cfg['Servers'][$i]['hide_db'] = '(db1|db2)';</pre>
+ <pre>$cfg['Servers'][$i]['hide_db'] = '^(db1|db2)$';</pre>
More information on regular expressions can be found in the
<a href="http://php.net/manual/en/reference.pcre.pattern.syntax.php">
PCRE pattern syntax</a> portion of the PHP reference manual.
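Review bot: same change as on master, and the same documentation point applies: the anchors in '^(db1|db2)$' are what keep the pattern from also matching names that merely contain db1 or db2, such as db10 or mydb2, and a short sentence in the text saying so would help readers who copy and adapt the example.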
hooks/post-receive
--
phpMyAdmin