[oe-commits] Roy Li : phpmyadmin: fix for Security Advisory CVE-2014-5274
git at git.openembedded.org
git at git.openembedded.org
Wed Dec 3 14:15:41 UTC 2014
Module: meta-openembedded.git
Branch: dizzy
Commit: 9167cec3d6f2ae63b3a407d70eb5137c19b993a7
URL: http://git.openembedded.org/?p=meta-openembedded.git&a=commit;h=9167cec3d6f2ae63b3a407d70eb5137c19b993a7
Author: Roy Li <rongqing.li at windriver.com>
Date: Thu Oct 30 13:37:26 2014 +0800
phpmyadmin: fix for Security Advisory CVE-2014-5274
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274
Signed-off-by: Roy Li <rongqing.li at windriver.com>
Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
...4505-security-XSS-in-view-operations-page.patch | 43 ++++++++++++++++++++++
.../recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb | 1 +
2 files changed, 44 insertions(+)
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
new file mode 100644
index 0000000..164a072
--- /dev/null
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/0001-bug-4505-security-XSS-in-view-operations-page.patch
@@ -0,0 +1,43 @@
+From 0cd293f5e13aa245e4a57b8d373597cc0e421b6f Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj at gmail.com>
+Date: Sun, 17 Aug 2014 08:41:57 -0400
+Subject: [PATCH] bug #4505 [security] XSS in view operations page
+
+Upstream-Status: Backport
+
+Signed-off-by: Marc Delisle <marc at infomarc.info>
+---
+ ChangeLog | 3 +++
+ js/functions.js | 2 +-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 7afac1a..cec9d77 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,6 +1,9 @@
+ phpMyAdmin - ChangeLog
+ ======================
+
++4.2.7.1 (2014-08-17)
++- bug #4505 [security] XSS in view operations page
++
+ 4.2.7.0 (2014-07-31)
+ - bug Broken links on home page
+ - bug #4494 Overlap in navigation panel
+diff --git a/js/functions.js b/js/functions.js
+index 09bfeda..a970a81 100644
+--- a/js/functions.js
++++ b/js/functions.js
+@@ -3585,7 +3585,7 @@ AJAX.registerOnload('functions.js', function () {
+ var question = PMA_messages.strDropTableStrongWarning + ' ';
+ question += $.sprintf(
+ PMA_messages.strDoYouReally,
+- 'DROP VIEW ' + PMA_commonParams.get('table')
++ 'DROP VIEW ' + escapeHtml(PMA_commonParams.get('table'))
+ );
+
+ $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
+--
+1.7.10.4
+
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
index c267d89..447b778 100644
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.2.7.bb
@@ -7,6 +7,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \
+ file://0001-bug-4505-security-XSS-in-view-operations-page.patch \
file://apache.conf"
SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29"
More information about the Openembedded-commits
mailing list