[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 06538a: ChangeLog entries for security issues

Isaac Bennetch bennetch at gmail.com
Mon Feb 29 21:33:29 CET 2016


  Branch: refs/heads/MAINT_4_4_15
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 06538a39d0a2b756d1e879647f7dfde0a1b4fc2b
      https://github.com/phpmyadmin/phpmyadmin/commit/06538a39d0a2b756d1e879647f7dfde0a1b4fc2b
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-28 (Thu, 28 Jan 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog entries for security issues

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 6c69aa899c6d77f34ecb68ae3d307b81add85261
      https://github.com/phpmyadmin/phpmyadmin/commit/6c69aa899c6d77f34ecb68ae3d307b81add85261
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M libraries/session.inc.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_4_15' into MAINT_4_4_15-security


  Commit: 5168199f76c99f8c99b30e5142fa2c1a99ee5c35
      https://github.com/phpmyadmin/phpmyadmin/commit/5168199f76c99f8c99b30e5142fa2c1a99ee5c35
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 90df124797175688a63be0d0a311210e92f09895
      https://github.com/phpmyadmin/phpmyadmin/commit/90df124797175688a63be0d0a311210e92f09895
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/structure.lib.php

  Log Message:
  -----------
  Fix XSS in database structure page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 492fee722e3a0e5107246195a8d4665b87307800
      https://github.com/phpmyadmin/phpmyadmin/commit/492fee722e3a0e5107246195a8d4665b87307800
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M normalization.php

  Log Message:
  -----------
  Fix XSS in normalization

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: dd853f89c6daa64db0c934cc166c90396a35338d
      https://github.com/phpmyadmin/phpmyadmin/commit/dd853f89c6daa64db0c934cc166c90396a35338d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/tcpdf/include/tcpdf_static.php

  Log Message:
  -----------
  Avoid skipping the SSL certificate check in TCPDF

This code is never used in phpMyAdmin, but we fix it just to avoid
potential security reports.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 79c515921fe45ae14bd156b4f19686bf4f72e80b
      https://github.com/phpmyadmin/phpmyadmin/commit/79c515921fe45ae14bd156b4f19686bf4f72e80b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/structure.lib.php

  Log Message:
  -----------
  Merge pull request #18 from phpmyadmin/sec_1_3

Fix XSS in database structure page


  Commit: 8025745ff017274970435000a9011dfab1e04e98
      https://github.com/phpmyadmin/phpmyadmin/commit/8025745ff017274970435000a9011dfab1e04e98
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 25e6bf3362a793abb59ecd668e9121a4c471e101
      https://github.com/phpmyadmin/phpmyadmin/commit/25e6bf3362a793abb59ecd668e9121a4c471e101
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Escape selectors

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 9ec0b598bd0c5a5b63e483801057ab8a22e82527
      https://github.com/phpmyadmin/phpmyadmin/commit/9ec0b598bd0c5a5b63e483801057ab8a22e82527
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php

  Log Message:
  -----------
  Urlencode hostname

This can come from the HTTP header, so we need to be sure to sanitize
it.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 99b8258fbdc5c2a6439c1b070a3693f0501b2f61
      https://github.com/phpmyadmin/phpmyadmin/commit/99b8258fbdc5c2a6439c1b070a3693f0501b2f61
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M normalization.php

  Log Message:
  -----------
  Merge pull request #21 from phpmyadmin/sec_1_4

Fix XSS in normalization


  Commit: 081551c5890c8675c15e8507eac786a78b5cb790
      https://github.com/phpmyadmin/phpmyadmin/commit/081551c5890c8675c15e8507eac786a78b5cb790
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Use correct headers for json data

It was previously not marked as such, which could potentially lead to
browsers doing some autodetection.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ad21889ba8424857de7ed9e6c7ef012f2f9c7ea6
      https://github.com/phpmyadmin/phpmyadmin/commit/ad21889ba8424857de7ed9e6c7ef012f2f9c7ea6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js
    M js/normalization.js

  Log Message:
  -----------
  Merge pull request #24 from phpmyadmin/sec_1_5

Fix XSS in normalization.js


  Commit: 65c4a999ede9ae25e27f0e850b5d99a9685ac930
      https://github.com/phpmyadmin/phpmyadmin/commit/65c4a999ede9ae25e27f0e850b5d99a9685ac930
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add changes for security issues

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: f4d9d4c868cf0bba999a1bee8b05bbeb9f22e5f2
      https://github.com/phpmyadmin/phpmyadmin/commit/f4d9d4c868cf0bba999a1bee8b05bbeb9f22e5f2
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-27 (Sat, 27 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: c539ef288eb5ca2f7810ccf7f2d471673dc63bcf
      https://github.com/phpmyadmin/phpmyadmin/commit/c539ef288eb5ca2f7810ccf7f2d471673dc63bcf
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M db_central_columns.php

  Log Message:
  -----------
  Fix XSS in Central columns page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: d0cdcf54a6a10a63cf882152a0a7430a967fa31e
      https://github.com/phpmyadmin/phpmyadmin/commit/d0cdcf54a6a10a63cf882152a0a7430a967fa31e
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix XSS in User accounts page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 07591a2b1b96ab0ee3fa6377972ed2d557af22ed
      https://github.com/phpmyadmin/phpmyadmin/commit/07591a2b1b96ab0ee3fa6377972ed2d557af22ed
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M tbl_zoom_select.php

  Log Message:
  -----------
  Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: b7c2e99987c2c52c6e8010b55b75f3c1c039216a
      https://github.com/phpmyadmin/phpmyadmin/commit/b7c2e99987c2c52c6e8010b55b75f3c1c039216a
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  4.4.15.5 release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/32f512698518...b7c2e99987c2

