[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 06538a: ChangeLog entries for security issues

Branch: refs/heads/MAINT_4_4_15 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 06538a39d0a2b756d1e879647f7dfde0a1b4fc2b https://github.com/phpmyadmin/phpmyadmin/commit/06538a39d0a2b756d1e879647f7… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-01-28 (Thu, 28 Jan 2016) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entries for security issues Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 6c69aa899c6d77f34ecb68ae3d307b81add85261 https://github.com/phpmyadmin/phpmyadmin/commit/6c69aa899c6d77f34ecb68ae3d3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/session.inc.php Log Message: ----------- Merge branch 'MAINT_4_4_15' into MAINT_4_4_15-security Commit: 5168199f76c99f8c99b30e5142fa2c1a99ee5c35 https://github.com/phpmyadmin/phpmyadmin/commit/5168199f76c99f8c99b30e5142f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M js/functions.js Log Message: ----------- Escape SQL query for inline editing Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 90df124797175688a63be0d0a311210e92f09895 https://github.com/phpmyadmin/phpmyadmin/commit/90df124797175688a63be0d0a31… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M libraries/structure.lib.php Log Message: ----------- Fix XSS in database structure page Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 492fee722e3a0e5107246195a8d4665b87307800 https://github.com/phpmyadmin/phpmyadmin/commit/492fee722e3a0e5107246195a8d… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M normalization.php Log Message: ----------- Fix XSS in normalization Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: dd853f89c6daa64db0c934cc166c90396a35338d https://github.com/phpmyadmin/phpmyadmin/commit/dd853f89c6daa64db0c934cc166… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M libraries/tcpdf/include/tcpdf_static.php Log Message: ----------- Avoid skipping the SSL certificate check in TCPDF This code is never used in phpMyAdmin, but we fix it just to avoid potential security reports. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 79c515921fe45ae14bd156b4f19686bf4f72e80b https://github.com/phpmyadmin/phpmyadmin/commit/79c515921fe45ae14bd156b4f19… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M libraries/structure.lib.php Log Message: ----------- Merge pull request #18 from phpmyadmin/sec_1_3 Fix XSS in database structure page Commit: 8025745ff017274970435000a9011dfab1e04e98 https://github.com/phpmyadmin/phpmyadmin/commit/8025745ff017274970435000a90… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M js/functions.js M js/normalization.js Log Message: ----------- Fix XSS in normalization.js Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 25e6bf3362a793abb59ecd668e9121a4c471e101 https://github.com/phpmyadmin/phpmyadmin/commit/25e6bf3362a793abb59ecd668e9… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M js/normalization.js Log Message: ----------- Escape selectors Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 9ec0b598bd0c5a5b63e483801057ab8a22e82527 https://github.com/phpmyadmin/phpmyadmin/commit/9ec0b598bd0c5a5b63e48380105… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M libraries/Config.class.php Log Message: ----------- Urlencode hostname This can come from the HTTP header, so we need to be sure to sanitize it. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 99b8258fbdc5c2a6439c1b070a3693f0501b2f61 https://github.com/phpmyadmin/phpmyadmin/commit/99b8258fbdc5c2a6439c1b070a3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M normalization.php Log Message: ----------- Merge pull request #21 from phpmyadmin/sec_1_4 Fix XSS in normalization Commit: 081551c5890c8675c15e8507eac786a78b5cb790 https://github.com/phpmyadmin/phpmyadmin/commit/081551c5890c8675c15e8507eac… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M file_echo.php Log Message: ----------- Use correct headers for json data It was previously not marked as such what could potentially lead to browsers doing some autodetection. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ad21889ba8424857de7ed9e6c7ef012f2f9c7ea6 https://github.com/phpmyadmin/phpmyadmin/commit/ad21889ba8424857de7ed9e6c7e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M js/functions.js M js/normalization.js Log Message: ----------- Merge pull request #24 from phpmyadmin/sec_1_5 Fix XSS in normalization.js Commit: 65c4a999ede9ae25e27f0e850b5d99a9685ac930 https://github.com/phpmyadmin/phpmyadmin/commit/65c4a999ede9ae25e27f0e850b5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-02-25 (Thu, 25 Feb 2016) Changed paths: M ChangeLog Log Message: ----------- Add changes for security issues Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f4d9d4c868cf0bba999a1bee8b05bbeb9f22e5f2 https://github.com/phpmyadmin/phpmyadmin/commit/f4d9d4c868cf0bba999a1bee8b0… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-27 (Sat, 27 Feb 2016) Changed paths: M js/normalization.js Log Message: ----------- Fix XSS in normalization.js Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: c539ef288eb5ca2f7810ccf7f2d471673dc63bcf https://github.com/phpmyadmin/phpmyadmin/commit/c539ef288eb5ca2f7810ccf7f2d… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-29 (Mon, 29 Feb 2016) Changed paths: M db_central_columns.php Log Message: ----------- Fix XSS in Central columns page Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: d0cdcf54a6a10a63cf882152a0a7430a967fa31e https://github.com/phpmyadmin/phpmyadmin/commit/d0cdcf54a6a10a63cf882152a0a… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-29 (Mon, 29 Feb 2016) Changed paths: M libraries/server_privileges.lib.php Log Message: ----------- Fix XSS in User accounts page Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 07591a2b1b96ab0ee3fa6377972ed2d557af22ed https://github.com/phpmyadmin/phpmyadmin/commit/07591a2b1b96ab0ee3fa6377972… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-02-29 (Mon, 29 Feb 2016) Changed paths: M tbl_zoom_select.php Log Message: ----------- Fix XSS in zoom search Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: b7c2e99987c2c52c6e8010b55b75f3c1c039216a https://github.com/phpmyadmin/phpmyadmin/commit/b7c2e99987c2c52c6e8010b55b7… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-02-29 (Mon, 29 Feb 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- 4.4.15.5 release Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/32f512698518...b7c2e99987c2