phpmyadmin 4:4.6.6-5ubuntu0.5 source package in Ubuntu

Changelog

phpmyadmin (4:4.6.6-5ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: Cross-site scripting (XSS)
    - debian/patches/CVE-2020-26934.patch: make sure where_clause is not
      modified
    - debian/patches/fix-tests-for-CVE-2020-26934-and-CVE-2020-26935.patch:
      Fix failing tests
    - debian/patches/CVE-2018-7260.patch: Fix XSS vulnerability in central
      columns feature
    - debian/patches/CVE-2018-19970.patch: Fix stored Cross-Site Scripting
      (XSS) in navigation tree.
    - CVE-2020-26934
    - CVE-2018-7260
    - CVE-2018-19970
  * SECURITY UPDATE: Cross-site request forgery (CSRF)
    - debian/patches/CVE-2019-12616.patch: Retrieve parameters from $_POST
      in AuthenticationCookie.
    - debian/patches/fix-tests-for-CVE-2019-12616.patch: Fix tests for
      CVE-2019-12616
  * SECURITY UPDATE: SQL Injection
    - debian/patches/CVE-2020-26935.patch: Check where clause signature in
      TableSearchController
    - debian/patches/CVE-2019-6798.patch: SQL injection in Designer
    - debian/patches/CVE-2019-11768.patch: Fix escape database name when
      saving page on designer.
    - debian/patches/CVE-2020-5504.patch: escape username in the query
    - debian/patches/CVE-2020-10804: escape username, password, and hostname
    - debian/patches/CVE-2020-10802: Use Util::backquote in getDataRowAction
    - debian/patches/CVE-2020-10803: Add where_clause check in
      tbl_get_field.php
    - debian/patches/fix-tests-for-CVE-2020-10803.patch: Fix
      Display/ResultsTest errors
    - CVE-2020-26935
    - CVE-2019-6798
    - CVE-2019-11768
    - CVE-2020-5504
    - CVE-2020-10804
    - CVE-2020-10802
    - CVE-2020-10803
  * SECURITY UPDATE: Sensitive information exposure
    - debian/patches/CVE-2018-19968.patch: Remove transform plugin includes
    - debian/patches/CVE-2019-6799.patch: Prevent arbitrary file read by
      the webserver
    - CVE-2018-19968
    - CVE-2019-6799
  * FTBFS: PHPUnit namespace discrepancy
    - debian/patches/fix-tests-bionic.patch: The version of PHPUnit packaged
      with bionic is not compatible with these unit tests. Some minor namespace
      tweaks were needed in order to get the test suite to run. One test case
      provided by rulesProvider for testAddRules() was disabled.

 -- Mike Salvatore <email address hidden>  Tue, 17 Nov 2020 19:16:01 -0500

Upload details

Uploaded by: Mike Salvatore
Uploaded to: Bionic
Original maintainer: Ubuntu Developers
Architectures: all
Section: web
Urgency: Medium Urgency

Publishing

Series  Pocket    Published  Component  Section
Bionic  updates              universe   web
Bionic  security             universe   web

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File                                       Size      SHA-256 Checksum
phpmyadmin_4.6.6.orig.tar.xz               5.9 MiB   b7b9e0f88ca740fcba249e7e3e7d51d1923b038b7742cde72de193a2b0a2654f
phpmyadmin_4.6.6-5ubuntu0.5.debian.tar.xz  94.9 KiB  13686d6e7d96cd87165e86676028fbbbdda93610e116c5a7f550fa890e921c4c
phpmyadmin_4.6.6-5ubuntu0.5.dsc            2.2 KiB   d1836e3b96bc9b02616ecba64d1e1b4c893054a7bba7d833f57afabb8786b191

Binary packages built by this source

phpmyadmin: MySQL web administration tool

 This package allows administering of MySQL or MariaDB with a web interface.
 .
 It allows administrators to:
  - browse through databases and tables;
  - create, copy, rename, alter and drop databases;
  - create, copy, rename, alter and drop tables;
  - perform table maintenance;
  - add, edit and drop fields;
  - execute any SQL-statement, even multiple queries;
  - create, alter and drop indexes;
  - load text files into tables;
  - create and read dumps of tables or databases;
  - export data to SQL, CSV, XML, Word, Excel, PDF and LaTeX formats;
  - administer multiple servers;
  - manage MySQL users and privileges;
  - check server settings and runtime information with configuration hints;
  - check referential integrity in MyISAM tables;
  - create complex queries using Query-by-example (QBE), automatically
    connecting required tables;
  - create PDF graphics of database layout;
  - search globally in a database or a subset of it;
  - transform stored data into any format using a set of predefined
    functions, such as displaying BLOB-data as image or download-link;
  - manage InnoDB tables and foreign keys;
 and is fully internationalized and localized in dozens of languages.