mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 16:27:27 +00:00
phpmyadmin: CVE-2015-8669
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message. This patch is from https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45 Signed-off-by: Jian Liu <jian.liu@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This commit is contained in:
@@ -0,0 +1,18 @@
|
|||||||
|
[Security] Path disclosure, see PMASA-2015-6
|
||||||
|
|
||||||
|
Upstream-Status: Bacport
|
||||||
|
|
||||||
|
Signed-off-by: Marc Delisle <marc@infomarc.info>
|
||||||
|
|
||||||
|
diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php
|
||||||
|
--- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800
|
||||||
|
+++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800
|
||||||
|
@@ -11,7 +11,7 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
if (!function_exists('__')) {
|
||||||
|
- PMA_fatalError('Bad invocation!');
|
||||||
|
+ exit();
|
||||||
|
}
|
||||||
|
|
||||||
|
$strConfigAllowArbitraryServer_desc = __(
|
||||||
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
|
|||||||
|
|
||||||
SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
|
SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
|
||||||
file://Port-content-spoofing-fix-CVE-2015-7873.patch \
|
file://Port-content-spoofing-fix-CVE-2015-7873.patch \
|
||||||
file://apache.conf"
|
file://apache.conf \
|
||||||
|
file://phpmyadmin-CVE-2015-8669.patch \
|
||||||
|
"
|
||||||
|
|
||||||
SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
|
SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
|
||||||
SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
|
SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec"
|
||||||
|
|||||||
Reference in New Issue
Block a user