phpmyadmin: fix CVE-2015-7873

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
author: Wenzong Fan <wenzong.fan@windriver.com> 2015-11-14 04:47:56 -0500
committer: Martin Jansa <Martin.Jansa@gmail.com> 2015-12-18 12:44:42 +0100
commit: b12220887e7eabab269666d7a929211eacefcdb7 (patch)
tree: 3564a1f3341efcb378b11f893f1679b0362f447a /meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
parent: 4c21d7a02ff282411e2370802551aa4577b326fb (diff)
download: meta-openembedded-b12220887e7eabab269666d7a929211eacefcdb7.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
index e28b66a23..9297d0c23 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+           file://Port-content-spoofing-fix-CVE-2015-7873.patch \
           file://apache.conf"
 SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"
author	Wenzong Fan <wenzong.fan@windriver.com>	2015-11-14 04:47:56 -0500
committer	Martin Jansa <Martin.Jansa@gmail.com>	2015-12-18 12:44:42 +0100
commit	b12220887e7eabab269666d7a929211eacefcdb7 (patch)
tree	3564a1f3341efcb378b11f893f1679b0362f447a /meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
parent	4c21d7a02ff282411e2370802551aa4577b326fb (diff)
download	meta-openembedded-b12220887e7eabab269666d7a929211eacefcdb7.tar.gz

diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb index e28b66a23..9297d0c23 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"	6	file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
7		7
8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \	8	SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
		9	file://Port-content-spoofing-fix-CVE-2015-7873.patch \
9	file://apache.conf"	10	file://apache.conf"
10		11
11	SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"	12	SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"