[Merge] lp:~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1 into lp:ubuntu/precise/phpmyadmin
Julian Ladisch
launchpad.net-hpe at ladisch.de
Fri Oct 16 10:29:24 UTC 2015
Julian Ladisch has proposed merging lp:~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1 into lp:ubuntu/precise/phpmyadmin.
Requested reviews:
Ubuntu branches (ubuntu-branches)
Related bugs:
Bug #1441568 in phpmyadmin (Ubuntu): "CVE 2012-1902: Path disclosure due to missing verification of file presence."
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/1441568
Bug #1441587 in phpmyadmin (Ubuntu): "CVE-2012-4345: Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages."
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/1441587
Bug #1441590 in phpmyadmin (Ubuntu): "CVE-2014-1879: Self-XSS due to unescaped HTML output in import."
https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/1441590
For more details, see:
https://code.launchpad.net/~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1/+merge/274691
* New upstream release.
* Fix security issues:
- CVE-2014-1879: Self-XSS due to unescaped HTML output in import.
LP: #1441590
- CVE-2012-4345, CVE-2012-4579: Multiple XSS in Table operations,
Database structure, Trigger and Visualize GIS data pages.
LP: #1441587
- CVE-2012-1902: Path disclosure due to missing verification of file presence.
LP: #1441568
* Add alternative dependency to php5-mysqlnd (closes: #665812).
--
Your team Ubuntu branches is requested to review the proposed merge of lp:~julian-ladisch/ubuntu/precise/phpmyadmin/3.4.11.1-2+deb7u1 into lp:ubuntu/precise/phpmyadmin.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: review-diff.txt
Type: text/x-diff
Size: 305343 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-reviews/attachments/20151016/390517a2/attachment-0001.diff>
More information about the Ubuntu-reviews
mailing list