Merge lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1 into lp://qastaging/ubuntu/wily/phpmyadmin

Proposed by Julian Ladisch
Status: Needs review
Proposed branch: lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1
Merge into: lp://qastaging/ubuntu/wily/phpmyadmin
Diff against target: 8583 lines (+2921/-2024)
71 files modified
.pc/setup-message.patch/setup/frames/index.inc.php (+1/-0)
ChangeLog (+32/-0)
README (+1/-1)
RELEASE-DATE-4.4.13.1 (+0/-1)
RELEASE-DATE-4.4.15.1 (+1/-0)
debian/changelog (+15/-0)
debian/patches/setup-message.patch (+5/-3)
doc/conf.py (+1/-1)
doc/html/.buildinfo (+1/-1)
doc/html/_sources/require.txt (+1/-1)
doc/html/config.html (+5/-5)
doc/html/copyright.html (+5/-5)
doc/html/credits.html (+5/-5)
doc/html/developers.html (+5/-5)
doc/html/faq.html (+5/-5)
doc/html/genindex.html (+5/-5)
doc/html/glossary.html (+5/-5)
doc/html/import_export.html (+5/-5)
doc/html/index.html (+5/-5)
doc/html/intro.html (+5/-5)
doc/html/other.html (+5/-5)
doc/html/privileges.html (+5/-5)
doc/html/require.html (+6/-6)
doc/html/search.html (+5/-5)
doc/html/setup.html (+5/-5)
doc/html/transformations.html (+5/-5)
doc/html/user.html (+5/-5)
doc/html/vendors.html (+5/-5)
doc/require.rst (+1/-1)
import.php (+1/-1)
js/functions.js (+2/-1)
js/line_counts.php (+10/-10)
js/pmd/move.js (+6/-5)
js/tbl_operations.js (+4/-1)
libraries/Config.class.php (+1/-1)
libraries/DatabaseInterface.class.php (+34/-32)
libraries/DisplayResults.class.php (+3/-1)
libraries/Scripts.class.php (+10/-5)
libraries/Util.class.php (+4/-153)
libraries/VersionInformation.php (+270/-0)
libraries/config/messages.inc.php (+1/-0)
libraries/dbi/DBIDummy.class.php (+6/-2)
libraries/language_stats.inc.php (+9/-9)
libraries/phpseclib/Crypt/AES.php (+74/-130)
libraries/phpseclib/Crypt/Base.php (+913/-400)
libraries/phpseclib/Crypt/Random.php (+60/-81)
libraries/phpseclib/Crypt/Rijndael.php (+347/-680)
libraries/phpseclib/LICENSE (+21/-0)
libraries/plugins/auth/AuthenticationCookie.class.php (+18/-41)
libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php (+97/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod.php (+42/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Post.php (+70/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php (+104/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php (+120/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php (+103/-0)
libraries/plugins/auth/recaptcha/ReCaptcha/Response.php (+102/-0)
libraries/plugins/auth/recaptcha/autoload.php (+38/-0)
libraries/plugins/auth/recaptcha/recaptchalib.php (+0/-140)
libraries/plugins/import/ImportSql.class.php (+1/-1)
libraries/rte/rte_routines.lib.php (+5/-0)
libraries/server_privileges.lib.php (+1/-1)
libraries/structure.lib.php (+6/-3)
libraries/tbl_relation.lib.php (+8/-6)
setup/frames/index.inc.php (+1/-0)
setup/lib/index.lib.php (+12/-5)
tbl_replace.php (+1/-1)
tbl_row_action.php (+10/-0)
themes/original/sprites.lib.php (+114/-99)
themes/pmahomme/sprites.lib.php (+125/-110)
url.php (+2/-1)
version_check.php (+15/-4)
To merge this branch: bzr merge lp://qastaging/~julian-ladisch/ubuntu/wily/phpmyadmin/4.4.15.1-1
Reviewer: Marc Deslauriers
Review status: Needs Fixing
Review via email: mp+275897@code.qastaging.launchpad.net

Commit message

New upstream release 4.4.15.1 fixing CVE-2015-6830 and CVE-2015-7873

Description of the change

* New upstream release.
* Security Update: Vulnerability that allows bypassing the reCaptcha test
  - CVE-2015-6830
  - https://www.phpmyadmin.net/security/PMASA-2015-4/
  - LP: #1510525
* Security Update: Content spoofing vulnerability when
  redirecting user to an external site
  - CVE-2015-7873
  - https://www.phpmyadmin.net/security/PMASA-2015-5/
  - LP: #1510521

Marc Deslauriers (mdeslaur) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. I see that you have attached patches to update the Ubuntu packages to the new upstream version. While this work is appreciated, we cannot publish your patches because this does not follow Ubuntu's policy of backporting security patches. If you are able, perhaps you could prepare debdiffs to fix this by following https://wiki.ubuntu.com/SecurityUpdateProcedures.

review: Needs Fixing

Unmerged revisions

127. By Julian Ladisch

new upstream version; CVE-2015-6830; CVE-2015-7873
