phpmyadmin: fix CVE-2015-7873

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 allows remote attackers to spoof content via the
url parameter.

Backport upstream commit to fix it:
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
This commit is contained in:
Wenzong Fan
2015-11-14 04:47:56 -05:00
committed by Martin Jansa
parent 4c21d7a02f
commit b12220887e
2 changed files with 49 additions and 0 deletions
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
file://Port-content-spoofing-fix-CVE-2015-7873.patch \
file://apache.conf"
SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"