ALT Linux repos
Group :: System/Servers
RPM: phpMyAdmin
Main Changelog Spec Patches Sources Download Gear Bugs and FR Repocop
23 march 2023 Vitaly Lipatov <lav at altlinux.ru> 5.2.1-alt1
- new version 5.2.1 (with rpmrb script)
+ PMASA-2023-01: fix for an XSS vulnerability in the drag-and-drop upload functionality
- remove obsoleted ALT README
- BR: rpm-macros-features >= 0.8 (where if_feature php* introduced)
- new version 5.2.0 (with rpmrb script)
- add support packing for php8.2
- new version 5.1.3 (with rpmrb script)
+ PMASA-2022-1: a user could manipulate their account to bypass two factor authentication
+ PMASA-2022-2: allowing a user to submit information to present an XSS or HTML injection attack - add phpMyAdmin-apache2-php8.1 subpackage
- new version 5.1.1 (with rpmrb script)
- new version 5.1.0 (with rpmrb script)
- set requires: php7 >= 7.1.3
- add requires: php7-openssl, php7-curl, php7-opcache, php7-bz2
- new version 5.0.4 (with rpmrb script)
- new version 5.0.3 (with rpmrb script)
- several important security fixes:
+ PMASA-2020-5 XSS vulnerability with transformation feature
+ MASA-2020-6 SQL injection vulnerability with the search feature
- new version 5.0.2 (with rpmrb script)
- fix blowfish_secret length, add tmp dir path (ALT bug 37954)
- use php7-mysqlnd-mysqli (contains MYSQLI_TYPE_JSON)
- new version 5.0.1 (with rpmrb script)
- PMASA-2020-1 is an SQL injection vulnerability
- new version 4.9.2 (with rpmrb script)
- new version 4.9.0.1 (with rpmrb script)
+ PMASA-2019-3 is an SQL injection flaw in the Designer feature
+ PMASA-2019-4 is a CSRF attack that's possible through the 'cookie' login form
- disable php5 subpackage
- new version 4.8.5 (with rpmrb script)
- new version 4.8.3 (with rpmrb script)
- new version (4.8.2) with rpmgs script
- restore subpackage for php5
- new version 4.8.1 (with rpmrb script)
- drop php5 support
- new version 4.7.9 (with rpmrb script)
- new version 4.7.7 (with rpmrb script)
- new version 4.7.4 (with rpmrb script)
- new version 4.7.3 (with rpmrb script)
- new version 4.7.2 (with rpmrb script)
- new version 4.7.1 (with rpmrb script)
- new version 4.7.0 (with rpmrb script)
- new version 4.6.6 (with rpmrb script)
- new version 4.6.5.2 (with rpmrb script)
- new version 4.6.3 (with rpmrb script)
- new version 4.6.1 (with rpmrb script)
- drop apache subpackage (was for Apache 1.3)
- new version 4.2.13.1 (with rpmrb script)
- new version 4.2.12 (with rpmrb script)
- new version 4.2.11 (with rpmrb script)
- new version 4.2.9.1 (with rpmrb script)
- new version 4.2.9 (with rpmrb script)
- new version 4.2.8.1 (with rpmrb script)
- new version 4.2.8 (with rpmrb script)
- new version 4.2.7.1 (with rpmrb script)
- new version 4.2.6 (with rpmrb script)
- new version 4.1.14 (with rpmrb script)
- new version 4.1.12 (with rpmrb script)
- new version 4.0.9 (with rpmrb script)
- comment out memory_limit in .htaccess (ALT bug #29570)
- new version 4.0.8 (with rpmrb script)
- new version 4.0.6 (with rpmrb script)
- new version 4.0.5 (with rpmrb script)
- require php5-mysqli
- drop doc source from binary package (was require python sphinx)
- new version 3.5.8 (with rpmrb script)
- cleanup spec, mark conf files as config
- fix default configs
- Require apache2-base, apache-base package (ALT #28238)
- 3.3.10 -> 3.5.4
- Repocop: altlinux-policy-obsolete-httpd2-reload
- security bug fix
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-3.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-9.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-10.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-11.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-12.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-13.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-15.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-16.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-17.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-18.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-19.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-20.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2012-1.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2012-2.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php
- 3.3.7 -> 3.3.10
- FIX #24423
- security bug fix
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-8.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-9.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-10.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-1.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2011-2.php
- 3.3.5 -> 3.3.7
- security bug fix
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2010-7.php
- 3.3.3 -> 3.3.5
- Fix alias for apache2 (phpMyAdmin)
- fixed php_value for php5
- 3.3.2-rc1 -> 3.3.3
- 3.2.4 -> 3.3.2-rc1
- fix chmod for control modules
- fix pach in control modules
- fix requires
- rebased with WebPolicy
- added control modules
- removed common package
- relocated to group System/Servers
- (ALT #22561)
- 3.1.1 -> 3.2.4
- security bug fix (ALT #20402, #20647)
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-4.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php
+ http://www.phpmyadmin.net/home_page/security/PMASA-2009-6.php
- 3.1.0 -> 3.1.1
- security bug fix:
+ SQL injection through XSRF on several pages
+ http://www.phpmyadmin.net/home_page/security/PMASA-2008-10.php
- 2.11.9.3 -> 3.1.0
- removed subpackage phpMyAdmin-apache-php4
- removed subpackage phpMyAdmin-apache2-php4
- renamed subpackage phpMyAdmin-apache-php5 to phpMyAdmin-apache
- renamed subpackage phpMyAdmin-apache2-php5 to phpMyAdmin-apache2
- 2.11.8.1 -> 2.11.9.3
- Added apache config for alias /phpMyAdmin (bugfix #17713)
- Added phpMyAdmin default configuration file and generate blowfish_secret
- security bug fix:
+ Code execution vulnerability
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-7
+ XSS in MSIE using NUL byte
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-8
+ XSS on a Designer component
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-9
- 2.11.7.1 -> 2.11.8.1
- this is security bug fix release:
+ Cross-site Framing; XSS in setup.php
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-6
- 2.11.7 -> 2.11.7.1
- this is security bug fix release:
+ XSRF/CSRF for creating a database and modifying user charset
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-5
- 2.11.6 -> 2.11.7
- this is security bug fix release:
+ XSS on plausible insecure PHP installation
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-4
- 2.11.5.2 -> 2.11.6
- 2.11.5.1 -> 2.11.5.2
- this is security bug fix release:
+ File disclosure on shared hosts via a crafted HTTP POST request
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-3
- 2.11.5 -> 2.11.5.1
- this is security bug fix release:
+ Credentials disclosure on shared hosts via session data
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
- 2.11.4 -> 2.11.5
- this is security bug fix release:
+ SQL injection vulnerability (Delayed Cross Site Request Forgery)
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-1
- 2.11.3 -> 2.11.4
- this is security bug fix release:
+ path disclosure on darkblue_orange/layout.inc.php
- 2.11.2.2 -> 2.11.3
- 2.11.2.1 -> 2.11.2.2
- this is security bug fix release, see:
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-8
- 2.11.2 -> 2.11.2.1
- this is security bug fix release, see:
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-7
- 2.11.1.2 -> 2.11.2
- 2.11.1.1 -> 2.11.1.2
- this is security bug fix release, see:
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
- 2.10.3 -> 2.11.1.1
- this is security bug fix release, see:
+ http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-5
- 2.10.2 -> 2.10.3
- add configure tutorial (closes #11719)
- 2.10.2-rc1 -> 2.10.2 (bugfix release)
- 2.10.1 -> 2.10.2-rc1 (bugfix release)
- 2.10.1-rc1 -> 2.10.1
- this is security bug fix release, see:
+ http://secunia.com/advisories/24952/ (cross-site scripting)
- new subpackage -> phpMyAdmin-apache2-php4
- 2.10.0.2 -> 2.10.1-rc1
- fix requires (closes #11498)
+ add php-mcrypt and php-mbstring to phpMyAdmin-apache-php4
+ add php5-mcrypt and php5-mbstring to phpMyAdmin-apache-php5
+ add php5-mcrypt and php5-mbstring to phpMyAdmin-apache2-php5
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-3
+ aka CVE-2006-1549
- 2.9.2 -> 2.10.0.1
- 2.9.1.1 -> 2.9.2 (security bug fix)
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-1
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-2
- 2.9.1-rc2 -> 2.9.1.1 (security bug fix)
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-7
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-8
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-9
- 2.9.1-rc1 -> 2.9.1-rc2 (security bug fix)
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-6
- remove from phpMyAdmin requires mod_php and php-mysql
- add to phpMyAdmin package requires phpMyAdmin-engine
- add contribs to phpMyAdmin package
- 2.9.0-beta1 -> 2.9.1-rc1
- 2.8.2.4 -> 2.9.0-beta1
- realy fix #9743
- #9743
- 2.8.2.3 -> 2.8.2.4
- 2.8.2.2 -> 2.8.2.3
- 2.8.2.1 -> 2.8.2.2
- 2.8.2.1
- 2.8.2 (security bug fix)
- http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-4
- 2.8.1
- security bug fix
- 2.8.0.4
- security bug fix
- 2.8.0.3
- security bug fix
- added Provides: phpmyadmin (#5100)
- 2.5.7pl1 (major security fixes)
- 2.5.5pl1
- removed unneeded mysql dependency
- 2.5.4 (minor bugfixes)
- #3031 fixed; thanks to Alex Murygin (murygin@)
(hmm... should I "copy what's needed and remove what's not"
to avoid such situations?)
- #3031 fixed; thanks to Dmitry Lebkov (dlebkov@)
- file layout somewhat straightened/updated
- perms updated (mostly -x)
- 2.5.3
- we've no "webmaster" user -- let it be root for now since rpm would
get it that way anyways
- 2.5.2-pl1 (security fixes)
- killed phpinfo.php (crazy people!)
- 2.3.3pl1
- default access control implemented (from TODO) -- don't use 2.3.1-alt1
- fixed config.inc.php owner (root->webmaster)
- built for ALT Linux
- spec adapted from PLD
- All persons listed below can be reached at <cvs_login>@pld.org.pl
ppv, blues, kloczek, orzech, pioklo, qboosh, tiwek