- Security update of databases/phpmyadmin to 4.0.5
ChangeLog: http://sourceforge.net/projects/phpmyadmin/files/phpMyAdmin/4.0.5/phpMyAdmin-4.0.5-notes.html/download SecurityAdvisory: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php - Deprecate databases/phpmyadmin35 This version is vulnerable to the 'clickjacking protection bypass' problem fixed in 4.0.5, but the development team will not be publishing a fix. "We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family." Therefore deprecate this port and set expiry for one month. Please upgrade to 4.0.5 instead. Security: 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
This commit is contained in:
parent
2569b886ba
commit
9aacd678d3
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=324220
@ -2,7 +2,7 @@
|
||||
# $FreeBSD$
|
||||
|
||||
PORTNAME= phpMyAdmin
|
||||
DISTVERSION= 4.0.4.2
|
||||
DISTVERSION= 4.0.5
|
||||
CATEGORIES= databases www
|
||||
MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION}
|
||||
DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages
|
||||
|
@ -1,2 +1,2 @@
|
||||
SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5
|
||||
SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316
|
||||
SHA256 (phpMyAdmin-4.0.5-all-languages.tar.xz) = f4df1190441ce5e094183cfadf8aec4af3a4f131339599e6380a1c6ac0a11fe4
|
||||
SIZE (phpMyAdmin-4.0.5-all-languages.tar.xz) = 4572884
|
||||
|
@ -12,6 +12,9 @@ COMMENT= A set of PHP-scripts to manage MySQL over the web
|
||||
|
||||
LICENSE= GPLv2
|
||||
|
||||
DEPRECATED= Has unresolved security problems: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
|
||||
EXPIRATION_DATE= 2013-09-04
|
||||
|
||||
USE_XZ= yes
|
||||
NO_BUILD= yes
|
||||
.if !defined(WITHOUT_PHP_DEPENDS)
|
||||
|
@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file.
|
||||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="17326fd5-fcfb-11e2-9bb9-6805ca0b3d42">
|
||||
<topic>phpMyAdmin -- clickJacking protection can be bypassed</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>phpMyAdmin</name>
|
||||
<range><lt>4.0.5</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>The phpMyAdmin development team reports:</p>
|
||||
<blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php">
|
||||
<p> phpMyAdmin has a number of mechanisms to avoid a
|
||||
clickjacking attack, however these mechanisms either work
|
||||
only in modern browser versions, or can be bypassed.</p>
|
||||
<p>"We have no solution for 3.5.x, due to the proposed
|
||||
solution requiring JavaScript. We don't want to introduce a
|
||||
dependency to JavaScript in the 3.5.x family."</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2013-08-04</discovery>
|
||||
<entry>2013-08-04</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee">
|
||||
<topic>chromium -- multiple vulnerabilities</topic>
|
||||
<affects>
|
||||
|
Loading…
Reference in New Issue
Block a user