8 Commits

Author SHA1 Message Date
Jackie Huang 1a6e6a9d96 phpmyadmin: upgrade to 4.6.3
* Compatible with PHP 5.5 to 7.0 and MySQL 5.5 and newer.

* Release notes: http://www.phpmyadmin.net/files/4.6.3/

* Drop two CVE patches which have been fixed:
  CVE-2015-7873 and CVE-2015-8669

* Use PV in SRC_URI instead of hardcoded version number.

Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-07-29 11:00:57 +02:00
Liu Jian 350ad5dd55 phpmyadmin: CVE-2015-8669
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.

This patch is from https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45

Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2016-02-01 15:58:04 +01:00
Wenzong Fan b12220887e phpmyadmin: fix CVE-2015-7873
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 allows remote attackers to spoof content via the
url parameter.

Backport upstream commit to fix it:
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2015-12-18 12:44:42 +01:00
Paul Eggleton 1601beb5a5 phpmyadmin: update to 4.3.4
Drop patches merged upstream.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2015-01-08 12:04:27 +01:00
Roy Li 6b530d936f phpmyadmin: fix for Security Advisory CVE-2014-7217
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before
4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted ENUM
value that is improperly handled during rendering of the (1) table search or (2)
table structure page, related to
libraries/TableSearch.class.php and libraries/Util.class.php.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217

Signed-off-by: Roy Li <rongqing.li@windriver.com>
2014-10-31 11:35:25 +00:00
Roy Li 7edda3d926 phpmyadmin: fix for Security Advisory CVE-2014-5274
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274

Signed-off-by: Roy Li <rongqing.li@windriver.com>
2014-10-31 11:35:25 +00:00
Roy Li 780fb7c811 phpmyadmin: fix for Security Advisory CVE-2014-5273
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273

Signed-off-by: Roy Li <rongqing.li@windriver.com>
2014-10-31 11:35:25 +00:00
Paul Eggleton edc5dd9a22 phpmyadmin: add new recipe
Add new recipe for phpMyAdmin 3.5.2.2, borrowing the apache.conf file
from Debian (with the addition of "Require all granted" to enable
access).

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
2012-10-09 11:09:23 +02:00