author | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 10:42:44 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-07 11:02:27 +0000 |
commit | a22a08931f0226274a1d57544d0d3c18831e51bc (patch) | |
tree | 36037c72316c0f7b92a6392106e38826264ea0ac | |
parent | 750c0332d8f382ce141d9bd77f26aff504dd0648 (diff) | |
main/phpmyadmin: security fix for CVE-2014-1879
fixes #2737
-rw-r--r-- | main/phpmyadmin/APKBUILD | 12 | ||||
-rw-r--r-- | main/phpmyadmin/CVE-2014-1879.patch | 14 |
2 files changed, 22 insertions, 4 deletions
diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index 579a32c196..e27e69f8ef 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Matt Smith <mcs@darkregion.net>
 pkgname=phpmyadmin
 pkgver=4.0.9
-pkgrel=0
+pkgrel=1
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="http://www.phpmyadmin.net/"
 arch="noarch"
@@ -16,6 +16,7 @@ subpackages="$pkgname-doc"
 _fullpkgname=phpMyAdmin-$pkgver-all-languages
 source="http://downloads.sourceforge.net/$pkgname/$_fullpkgname.tar.gz
 $pkgname.apache2.conf
+ CVE-2014-1879.patch
 "
 
 _builddir="$srcdir"/$_fullpkgname
@@ -75,8 +76,11 @@ doc() {
 }
 
 md5sums="f5c8bfcd75b5ee1914a248514e5b9b10 phpMyAdmin-4.0.9-all-languages.tar.gz
-2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf"
+2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf
+e43c1db558e138711d0c36b2551dfa04 CVE-2014-1879.patch"
 sha256sums="e7d22f3af3e0e363a6330f464a5f1cdd76f20bc5bcf0f980585d517c1ea4a80d phpMyAdmin-4.0.9-all-languages.tar.gz
-4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf"
+4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf
+e4acf68098ec2a980f830fdad5adb8132d9c75de02187afd089d07ff166b13d2 CVE-2014-1879.patch"
 sha512sums="68c014659326214f95a49c21db9711608ec6af0f4335280947305dbb4bb5fb20738ff81b5dcd3c055b10b491ab11ff10521816a6ec30c0c9f23d8de2a5704b51 phpMyAdmin-4.0.9-all-languages.tar.gz
-c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf"
+c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf
+d347772c119789bd4aa51b3c7362c12c989faf9ae2676a2b29a56502866179ae38f979748009ec43ffe9676e9175766802498807eacd85d33e800bf16b7067e1 CVE-2014-1879.patch"
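Review bot: Nothing in the visible hunks applies the new patch: the second hunk only lists `CVE-2014-1879.patch` in `source` and the third only adds its checksums. The build steps of this APKBUILD sit between line 22 and line 75, outside the hunks, so it is worth confirming that they already apply every `*.patch` from `$source` inside `$_builddir`. If they do not, the package would be rebuilt as `pkgrel=1` with import.php unchanged; in that case add a `prepare()` that runs something like `patch -p1 -i "$srcdir"/CVE-2014-1879.patch` from `$_builddir` and fails the build when the patch does not apply.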
diff --git a/main/phpmyadmin/CVE-2014-1879.patch b/main/phpmyadmin/CVE-2014-1879.patch
new file mode 100644
index 0000000000..4176824602
--- /dev/null
+++ b/main/phpmyadmin/CVE-2014-1879.patch
@@ -0,0 +1,14 @@
+--- ./import.php.orig
++++ ./import.php
+@@ -549,9 +549,9 @@
+
+ $message->addString($import_notice);
+ if (isset($local_import_file)) {
+- $message->addString('(' . $local_import_file . ')');
++ $message->addString('(' . htmlspecialchars($local_import_file) . ')');
+ } else {
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ }
+ } else {
+ $message = PMA_Message::success(
|
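Review bot: Both new `htmlspecialchars()` calls rely on the function's default flags and charset, which vary with the PHP version: before PHP 8.1 the default leaves single quotes unescaped, and before PHP 5.4 the default charset is ISO-8859-1. That is sufficient if the message is only ever rendered as element text, but the rendering code is outside this hunk, so passing the arguments explicitly is the safer form: `htmlspecialchars($_FILES['import_file']['name'], ENT_QUOTES, 'UTF-8')`, and the same for `$local_import_file`. The enclosing block in import.php starts and ends outside the hunk, so it is also worth checking whether either file name is echoed anywhere else in that file, since only this one message is covered here.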