summaryrefslogtreecommitdiffstats
path: root/meta-webserver
diff options
context:
space:
mode:
authorWenzong Fan <wenzong.fan@windriver.com>2015-11-14 04:47:56 -0500
committerMartin Jansa <Martin.Jansa@gmail.com>2015-12-18 12:44:42 +0100
commitb12220887e7eabab269666d7a929211eacefcdb7 (patch)
tree3564a1f3341efcb378b11f893f1679b0362f447a /meta-webserver
parent4c21d7a02ff282411e2370802551aa4577b326fb (diff)
downloadmeta-openembedded-b12220887e7eabab269666d7a929211eacefcdb7.tar.gz
phpmyadmin: fix CVE-2015-7873
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Diffstat (limited to 'meta-webserver')
-rw-r--r--meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch48
-rw-r--r--meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb1
2 files changed, 49 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
new file mode 100644
index 000000000..1e6bcbda5
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@@ -0,0 +1,48 @@
1From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
2From: Wenzong Fan <wenzong.fan@windriver.com>
3Date: Sat, 14 Nov 2015 02:01:54 -0500
4Subject: [PATCH] Port content spoofing fix
5
6Backport upstream commit for fixing CVE-2015-7873:
7 https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
8
9Upstream-Status: Backport
10
11Signed-off-by: Marc Delisle <marc@infomarc.info>
12Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
13---
14 ChangeLog | 4 ++++
15 url.php | 3 ++-
16 2 files changed, 6 insertions(+), 1 deletion(-)
17
18diff --git a/ChangeLog b/ChangeLog
19index 4cb6708..96936c8 100644
20--- a/ChangeLog
21+++ b/ChangeLog
22@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
23 - issue #11448 Clarify doc about the MemoryLimit directive
24 - issue #11489 Cannot copy a database under certain conditions
25
26+4.4.15.1 (2015-10-23)
27+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
28+- issue [security] Content spoofing on url.php
29+
30 4.4.15.0 (not yet released)
31 - issue #11411 Undefined "replace" function on numeric scalar
32 - issue #11421 Stored-proc / routine - broken parameter parsing
33diff --git a/url.php b/url.php
34index eec78a5..9c4c884 100644
35--- a/url.php
36+++ b/url.php
37@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
38 }
39 </script>";
40 // Display redirecting msg on screen.
41- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
42+ // Do not display the value of $_REQUEST['url'] to avoid showing injected content
43+ echo __('Taking you to the target site.');
44 }
45 die();
46--
471.9.1
48
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
index e28b66a23..9297d0c23 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
6 file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c" 6 file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
7 7
8SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \ 8SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
9 file://Port-content-spoofing-fix-CVE-2015-7873.patch \
9 file://apache.conf" 10 file://apache.conf"
10 11
11SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275" 12SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"