summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRoy Li <rongqing.li@windriver.com>2014-10-30 13:37:26 +0800
committerPaul Eggleton <paul.eggleton@linux.intel.com>2014-10-31 11:35:25 +0000
commit7edda3d9267cc3561151a5611a2d215848824423 (patch)
tree140920340e077d34cabfb1048816dc906d03fd47
parent780fb7c811b03ea5ae614cfa228f2f74d884f900 (diff)
downloadmeta-openembedded-7edda3d9267cc3561151a5611a2d215848824423.tar.gz
phpmyadmin: fix for Security Advisory CVE-2014-5274
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274 Signed-off-by: Roy Li <rongqing.li@windriver.com>
Diffstat
-rw-r--r--meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch43
-rw-r--r--meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb1
2 files changed, 44 insertions, 0 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
new file mode 100644
index 0000000000..164a072ef8
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
@@ -0,0 +1,43 @@
1From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
2From: Madhura Jayaratne <madhura.cj@gmail.com>
3Date: Sun, 17 Aug 2014 08:41:57 -0400
4Subject: [PATCH] bug #4505 [security] XSS in view operations page
5
6Upstream-Status: Backport
7
8Signed-off-by: Marc Delisle <marc@infomarc.info>
9---
10 ChangeLog | 3 +++
11 js/functions.js | 2 +-
12 2 files changed, 4 insertions(+), 1 deletion(-)
13
14diff --git a/ChangeLog b/ChangeLog
15index 7afac1a..cec9d77 100644
16--- a/ChangeLog
17+++ b/ChangeLog
18@@ -1,6 +1,9 @@
19 phpMyAdmin - ChangeLog
20 ======================
21
22+4.2.7.1 (2014-08-17)
23+- bug #4505 [security] XSS in view operations page
24+
25 4.2.7.0 (2014-07-31)
26 - bug Broken links on home page
27 - bug #4494 Overlap in navigation panel
28diff --git a/js/functions.js b/js/functions.js
29index 09bfeda..a970a81 100644
30--- a/js/functions.js
31+++ b/js/functions.js
32@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
33 var question = PMA_messages.strDropTableStrongWarning + ' ';
34 question += $.sprintf(
35 PMA_messages.strDoYouReally,
36- 'DROP VIEW ' + PMA_commonParams.get('table')
37+ 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
38 );
39
40 $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
41--
421.7.10.4
43
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
index c267d89621..447b77884d 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
7 7
8SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ 8SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
9 file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \ 9 file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \
10 file://0001-bug-4505-security-XSS-in-view-operations-page.patch \
10 file://apache.conf" 11 file://apache.conf"
11 12
12SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29" 13SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-03-26 13:00:06 +0000