author | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 10:42:44 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-07 11:03:50 +0000 |
commit | c6a60a36482eed479741be0641f726f32d509ca9 (patch) | |
tree | 2f1a8793d0efea833acb3405ed9edc0aec7cbf64 | |
parent | 565ead6e8891efbced953f1bf9688a3a304753da (diff) | |
download | aports-c6a60a36482eed479741be0641f726f32d509ca9.tar.bz2 aports-c6a60a36482eed479741be0641f726f32d509ca9.tar.xz |
main/phpmyadmin: security fix for CVE-2014-1879
fixes #2738
-rw-r--r-- | main/phpmyadmin/APKBUILD | 12 | ||||
-rw-r--r-- | main/phpmyadmin/CVE-2014-1879.patch | 14 |
2 files changed, 22 insertions, 4 deletions
diff --git a/main/phpmyadmin/APKBUILD b/main/phpmyadmin/APKBUILD
index b7c8f4eeb7..31124bc28a 100644
--- a/main/phpmyadmin/APKBUILD
+++ b/main/phpmyadmin/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Matt Smith <mcs@darkregion.net>
 pkgname=phpmyadmin
 pkgver=4.0.9
-pkgrel=0
+pkgrel=1
 pkgdesc="A Web-based PHP tool for administering MySQL"
 url="http://www.phpmyadmin.net/"
 arch="noarch"
@@ -15,6 +15,7 @@ subpackages="$pkgname-doc"
 _fullpkgname=phpMyAdmin-$pkgver-all-languages
 source="http://downloads.sourceforge.net/$pkgname/$_fullpkgname.tar.gz
 $pkgname.apache2.conf
+ CVE-2014-1879.patch
 "
 
 _builddir="$srcdir"/$_fullpkgname
@@ -74,8 +75,11 @@ doc() {
 }
 
 md5sums="f5c8bfcd75b5ee1914a248514e5b9b10 phpMyAdmin-4.0.9-all-languages.tar.gz
-2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf"
+2d144825122042b4a2536ad789d66e8e phpmyadmin.apache2.conf
+e43c1db558e138711d0c36b2551dfa04 CVE-2014-1879.patch"
 sha256sums="e7d22f3af3e0e363a6330f464a5f1cdd76f20bc5bcf0f980585d517c1ea4a80d phpMyAdmin-4.0.9-all-languages.tar.gz
-4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf"
+4fbc1d0338ed7234a3d74f71910a24e467c8a0ec1dad31324e954741f93bd2d3 phpmyadmin.apache2.conf
+e4acf68098ec2a980f830fdad5adb8132d9c75de02187afd089d07ff166b13d2 CVE-2014-1879.patch"
 sha512sums="68c014659326214f95a49c21db9711608ec6af0f4335280947305dbb4bb5fb20738ff81b5dcd3c055b10b491ab11ff10521816a6ec30c0c9f23d8de2a5704b51 phpMyAdmin-4.0.9-all-languages.tar.gz
-c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf"
+c6af2960b95924c31cc05d90e7282ba9be6cb6eabb134b8bb627230a4253c017eca75132420a356acd6aecdce146e29666ed90fc90749820060a64478d3e2105 phpmyadmin.apache2.conf
+d347772c119789bd4aa51b3c7362c12c989faf9ae2676a2b29a56502866179ae38f979748009ec43ffe9676e9175766802498807eacd85d33e800bf16b7067e1 CVE-2014-1879.patch"
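Review bot: Nothing in the visible hunks applies the new patch: the second hunk adds `CVE-2014-1879.patch` to `source=` and the third adds its checksums, but prepare() is neither shown nor changed. If the existing prepare() does not already apply the `*.patch` entries from `$source`, the package would be rebuilt as pkgrel=1 with `import.php` still unpatched. It is worth confirming from the build log that the patch is applied, or adding a step such as `patch -p1 -i "$srcdir"/CVE-2014-1879.patch` under `$_builddir` if it is not.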
diff --git a/main/phpmyadmin/CVE-2014-1879.patch b/main/phpmyadmin/CVE-2014-1879.patch
new file mode 100644
index 0000000000..4176824602
--- /dev/null
+++ b/main/phpmyadmin/CVE-2014-1879.patch
@@ -0,0 +1,14 @@
+--- ./import.php.orig
++++ ./import.php
+@@ -549,9 +549,9 @@
+
+ $message->addString($import_notice);
+ if (isset($local_import_file)) {
+- $message->addString('(' . $local_import_file . ')');
++ $message->addString('(' . htmlspecialchars($local_import_file) . ')');
+ } else {
+- $message->addString('(' . $_FILES['import_file']['name'] . ')');
++ $message->addString('(' . htmlspecialchars($_FILES['import_file']['name']) . ')');
+ }
+ } else {
+ $message = PMA_Message::success(
|
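Review bot: `htmlspecialchars()` is called with its default flags on both changed lines, which leaves single quotes unescaped and relies on the runtime's default charset. That is sufficient only if the message is always rendered as element content, and the rendering site is outside this hunk, so passing the arguments explicitly is safer: `htmlspecialchars($local_import_file, ENT_QUOTES, 'UTF-8')`, and likewise for `$_FILES['import_file']['name']`, which is supplied by the client. The patch file also has no header naming the upstream advisory or commit it was taken from; a one-line comment above the `--- ./import.php.orig` line would make the carried fix auditable. The enclosing if/else block in import.php starts and ends outside the hunk.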