Merge lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1 into lp://qastaging/ubuntu/wily/phpmyadmin
Proposed by
Julian Ladisch
Status: | Needs review |
---|---|
Proposed branch: | lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1 |
Merge into: | lp://qastaging/ubuntu/wily/phpmyadmin |
Diff against target: |
8583 lines (+2921/-2024) 71 files modified
.pc/setup-message.patch/setup/frames/index.inc.php (+1/-0) ChangeLog (+32/-0) README (+1/-1) RELEASE-DATE-4.4.13.1 (+0/-1) RELEASE-DATE-4.4.15.1 (+1/-0) debian/changelog (+15/-0) debian/patches/setup-message.patch (+5/-3) doc/conf.py (+1/-1) doc/html/.buildinfo (+1/-1) doc/html/_sources/require.txt (+1/-1) doc/html/config.html (+5/-5) doc/html/copyright.html (+5/-5) doc/html/credits.html (+5/-5) doc/html/developers.html (+5/-5) doc/html/faq.html (+5/-5) doc/html/genindex.html (+5/-5) doc/html/glossary.html (+5/-5) doc/html/import_export.html (+5/-5) doc/html/index.html (+5/-5) doc/html/intro.html (+5/-5) doc/html/other.html (+5/-5) doc/html/privileges.html (+5/-5) doc/html/require.html (+6/-6) doc/html/search.html (+5/-5) doc/html/setup.html (+5/-5) doc/html/transformations.html (+5/-5) doc/html/user.html (+5/-5) doc/html/vendors.html (+5/-5) doc/require.rst (+1/-1) import.php (+1/-1) js/functions.js (+2/-1) js/line_counts.php (+10/-10) js/pmd/move.js (+6/-5) js/tbl_operations.js (+4/-1) libraries/Config.class.php (+1/-1) libraries/DatabaseInterface.class.php (+34/-32) libraries/DisplayResults.class.php (+3/-1) libraries/Scripts.class.php (+10/-5) libraries/Util.class.php (+4/-153) libraries/VersionInformation.php (+270/-0) libraries/config/messages.inc.php (+1/-0) libraries/dbi/DBIDummy.class.php (+6/-2) libraries/language_stats.inc.php (+9/-9) libraries/phpseclib/Crypt/AES.php (+74/-130) libraries/phpseclib/Crypt/Base.php (+913/-400) libraries/phpseclib/Crypt/Random.php (+60/-81) libraries/phpseclib/Crypt/Rijndael.php (+347/-680) libraries/phpseclib/LICENSE (+21/-0) libraries/plugins/auth/AuthenticationCookie.class.php (+18/-41) libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php (+97/-0) libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod.php (+42/-0) libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Post.php (+70/-0) libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php (+104/-0) libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php (+120/-0) libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php (+103/-0) libraries/plugins/auth/recaptcha/ReCaptcha/Response.php (+102/-0) libraries/plugins/auth/recaptcha/autoload.php (+38/-0) libraries/plugins/auth/recaptcha/recaptchalib.php (+0/-140) libraries/plugins/import/ImportSql.class.php (+1/-1) libraries/rte/rte_routines.lib.php (+5/-0) libraries/server_privileges.lib.php (+1/-1) libraries/structure.lib.php (+6/-3) libraries/tbl_relation.lib.php (+8/-6) setup/frames/index.inc.php (+1/-0) setup/lib/index.lib.php (+12/-5) tbl_replace.php (+1/-1) tbl_row_action.php (+10/-0) themes/original/sprites.lib.php (+114/-99) themes/pmahomme/sprites.lib.php (+125/-110) url.php (+2/-1) version_check.php (+15/-4) |
To merge this branch: | bzr merge lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1 |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Marc Deslauriers | Needs Fixing | ||
Review via email:
|
Commit message
New upstream release 4.4.15.1 fixing CVE-2015-6830 and CVE-2015-7873
Description of the change
* New upstream release.
* Security Update: Vulnerability that allows bypassing the reCaptcha test
- CVE-2015-6830
- https:/
- LP: #1510525
* Security Update: Content spoofing vulnerability when
redirecting user to an external site
- CVE-2015-7873
- https:/
- LP: #1510521
To post a comment you must log in.
Unmerged revisions
- 127. By Julian Ladisch
-
new upstream version; CVE-2015-6830; CVE-2015-7873
Thank you for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. I see that you have attached patches to update the Ubuntu packages to the new upstream version. While this work is appreciated, we cannot publish your patches because this does not follow Ubuntu's policy of backporting security patches. If you are able, perhaps you could prepare debdiffs to fix this by following https:/ /wiki.ubuntu. com/SecurityUpd ateProcedures.