author | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 10:42:44 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 10:43:13 +0000 |
commit | 3e6173a5d5cb637e4eaf0b4ed7ed7a4b475096c8 (patch) | |
tree | 408e0c51b52a0e49315829563ab81cf492d598ab | |
parent | 4bac042f438038d28cfeec08b87ed83b44c4be04 (diff) | |
main/phpmyadmin: security fix for CVE-2014-1879
-rw-r--r-- | main/phpmyadmin/APKBUILD | 6 | ||||
-rw-r--r-- | main/phpmyadmin/CVE-2014-1879.patch | 16 |
2 files changed, 20 insertions, 2 deletions
diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index ca79253451..0eb79f3bcb 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Matt Smith <mcs@darkregion.net>
 pkgname=phpmyadmin
 pkgver=3.4.11.1
-pkgrel=0
+pkgrel=1
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="http://www.phpmyadmin.net/"
 arch="noarch"
@@ -15,6 +15,7 @@ subpackages="$pkgname-doc"
 _fullpkgname=phpMyAdmin-$pkgver-all-languages
 source="http://downloads.sourceforge.net/$pkgname/$_fullpkgname.tar.gz
  $pkgname.apache2.conf
+ CVE-2014-1879.patch
  "
 
 _builddir="$srcdir"/$_fullpkgname
@@ -85,4 +86,5 @@ doc() {
 }
 
 md5sums="e54cedac04ef1743eae381c9affd2fc1 phpMyAdmin-3.4.11.1-all-languages.tar.gz
-2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf"
+2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf
+656da7eed80951a99de50d2f343e6fe8 CVE-2014-1879.patch"
diff --git a/main/phpmyadmin/CVE-2014-1879.patch b/main/phpmyadmin/CVE-2014-1879.patch
new file mode 100644
index 0000000000..beb12d7542
--- /dev/null
+++ b/main/phpmyadmin/CVE-2014-1879.patch
@@ -0,0 +1,16 @@
+--- ./import.php.orig
++++ ./import.php
+@@ -409,11 +409,11 @@
+ $message->addParam($executed_queries);
+
+ $message->addString($import_notice);
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ } else {
+ $message = PMA_Message::success(__('Import has been successfully finished, %d queries executed.'));
+ $message->addParam($executed_queries);
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ }
+ }
+ } |
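Review bot: Nothing in the APKBUILD hunks shows the new patch being applied: `CVE-2014-1879.patch` is added to `source` and `md5sums`, but no `prepare()` or `build()` change appears. The fix therefore only takes effect if a build function outside these hunks already runs `patch` over the `*.patch` entries in `$source`. That is worth confirming before release, because a listed-but-unapplied patch would ship `pkgrel=1` looking fixed while import.php is unchanged. If no such step exists, something like `patch -p1 -d "$_builddir" -i "$srcdir"/CVE-2014-1879.patch` is needed; the patch's `./import.php` paths strip cleanly with `-p1`.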
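Review bot: Both `htmlspecialchars()` calls added to import.php rely on the function's default flags and charset, which vary with the PHP version: `ENT_COMPAT` leaves single quotes unescaped, and the default charset was ISO-8859-1 before PHP 5.4. That is adequate as long as the upload name only ever lands in element content, but spelling the arguments out makes the escaping independent of the runtime: `htmlspecialchars($_FILES['import_file']['name'], ENT_QUOTES, 'UTF-8')`. The enclosing code starts and ends outside the hunk, so whether other places in import.php echo the client-supplied file name cannot be checked from here. A short header in the patch file naming its upstream origin (`<upstream-commit-or-advisory>`) would also help later maintainers drop it on the next version bump.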