mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 17:59:59 +00:00
Code Issues Projects Releases Wiki Activity

phpmyadmin: CVE-2015-8669

Browse Source 
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.

This patch is from https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45

Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This commit is contained in:
Liu Jian
2016-01-20 17:36:46 +08:00
committed by Martin Jansa
parent b7834b965e
commit 350ad5dd55
2 changed files with 21 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch
+18
View File
@@ -0,0 +1,18 @@
[Security] Path disclosure, see PMASA-2015-6
Upstream-Status: Bacport
Signed-off-by: Marc Delisle <marc@infomarc.info>
diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800
+++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800
@@ -11,7 +11,7 @@
*/
if (!function_exists('__')) {
- PMA_fatalError('Bad invocation!');
+ exit();
}
$strConfigAllowArbitraryServer_desc = __(