diff options
author | Liu Jian <jian.liu@windriver.com> | 2016-01-20 17:36:46 +0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2016-02-01 15:58:04 +0100 |
commit | 350ad5dd558dc7d4e6d1cb7cf1a55a58d4036924 (patch) | |
tree | 421239680741b0ab57b5bc0e855931302b74fa39 | |
parent | b7834b965e032a7a79c345b249c4913aab804247 (diff) | |
download | meta-openembedded-350ad5dd558dc7d4e6d1cb7cf1a55a58d4036924.tar.gz |
phpmyadmin: CVE-2015-8669
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.
This patch is from https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r-- | meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch | 18 | ||||
-rw-r--r-- | meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb | 4 |
2 files changed, 21 insertions, 1 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch new file mode 100644 index 000000000..65fff6455 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/phpmyadmin-CVE-2015-8669.patch | |||
@@ -0,0 +1,18 @@ | |||
1 | [Security] Path disclosure, see PMASA-2015-6 | ||
2 | |||
3 | Upstream-Status: Bacport | ||
4 | |||
5 | Signed-off-by: Marc Delisle <marc@infomarc.info> | ||
6 | |||
7 | diff -Nur phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php | ||
8 | --- phpMyAdmin-4.5.0.2-all-languages.orig/libraries/config/messages.inc.php 2016-01-20 15:11:15.410106888 +0800 | ||
9 | +++ phpMyAdmin-4.5.0.2-all-languages/libraries/config/messages.inc.php 2016-01-20 15:14:05.758108076 +0800 | ||
10 | @@ -11,7 +11,7 @@ | ||
11 | */ | ||
12 | |||
13 | if (!function_exists('__')) { | ||
14 | - PMA_fatalError('Bad invocation!'); | ||
15 | + exit(); | ||
16 | } | ||
17 | |||
18 | $strConfigAllowArbitraryServer_desc = __( | ||
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb index 9297d0c23..b8faf1273 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb | |||
@@ -7,7 +7,9 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ | |||
7 | 7 | ||
8 | SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \ | 8 | SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \ |
9 | file://Port-content-spoofing-fix-CVE-2015-7873.patch \ | 9 | file://Port-content-spoofing-fix-CVE-2015-7873.patch \ |
10 | file://apache.conf" | 10 | file://apache.conf \ |
11 | file://phpmyadmin-CVE-2015-8669.patch \ | ||
12 | " | ||
11 | 13 | ||
12 | SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275" | 14 | SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275" |
13 | SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec" | 15 | SRC_URI[sha256sum] = "d2e90ea486d90b4ebe5eb02d7ad349ad2916c12a8981f98553395ef78d22a8ec" |