diff options
| author | Matthew Seaman <matthew@FreeBSD.org> | 2013-08-04 12:13:50 +0000 |
|---|---|---|
| committer | Matthew Seaman <matthew@FreeBSD.org> | 2013-08-04 12:13:50 +0000 |
| commit | 9aacd678d32b85dc67c552d652a47d0ddb52d77d (patch) | |
| tree | a8bd1cf4f9f79ca4b1ea1b0a7c059654973256ad | |
| parent | 2569b886ba7abd542ecf1cf5b6c4ddaeba77c13f (diff) | |
| download | ports-9aacd678d32b85dc67c552d652a47d0ddb52d77d.tar.gz ports-9aacd678d32b85dc67c552d652a47d0ddb52d77d.zip | |
Notes
| -rw-r--r-- | databases/phpmyadmin/Makefile | 2 | ||||
| -rw-r--r-- | databases/phpmyadmin/distinfo | 4 | ||||
| -rw-r--r-- | databases/phpmyadmin35/Makefile | 3 | ||||
| -rw-r--r-- | security/vuxml/vuln.xml | 30 |
4 files changed, 36 insertions, 3 deletions
diff --git a/databases/phpmyadmin/Makefile b/databases/phpmyadmin/Makefile index ecb1f43cbb21..b3f8a8be91df 100644 --- a/databases/phpmyadmin/Makefile +++ b/databases/phpmyadmin/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= phpMyAdmin -DISTVERSION= 4.0.4.2 +DISTVERSION= 4.0.5 CATEGORIES= databases www MASTER_SITES= SF/${PORTNAME:L}/${PORTNAME}/${DISTVERSION} DISTNAME= ${PORTNAME}-${DISTVERSION}-all-languages diff --git a/databases/phpmyadmin/distinfo b/databases/phpmyadmin/distinfo index 8659a92b9d5e..4beb87c9602b 100644 --- a/databases/phpmyadmin/distinfo +++ b/databases/phpmyadmin/distinfo @@ -1,2 +1,2 @@ -SHA256 (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 0c13b9136092e33c0e4ce07d88818b989a7aa45d5c47f089df69719b4cc97fe5 -SIZE (phpMyAdmin-4.0.4.2-all-languages.tar.xz) = 4367316 +SHA256 (phpMyAdmin-4.0.5-all-languages.tar.xz) = f4df1190441ce5e094183cfadf8aec4af3a4f131339599e6380a1c6ac0a11fe4 +SIZE (phpMyAdmin-4.0.5-all-languages.tar.xz) = 4572884 diff --git a/databases/phpmyadmin35/Makefile b/databases/phpmyadmin35/Makefile index ea5431069d56..db426002a9f4 100644 --- a/databases/phpmyadmin35/Makefile +++ b/databases/phpmyadmin35/Makefile @@ -12,6 +12,9 @@ COMMENT= A set of PHP-scripts to manage MySQL over the web LICENSE= GPLv2 +DEPRECATED= Has unresolved security problems: http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php +EXPIRATION_DATE= 2013-09-04 + USE_XZ= yes NO_BUILD= yes .if !defined(WITHOUT_PHP_DEPENDS) diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9a596297e76b..e36f33ffc27c 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -51,6 +51,36 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="17326fd5-fcfb-11e2-9bb9-6805ca0b3d42"> + <topic>phpMyAdmin -- clickJacking protection can be bypassed</topic> + <affects> + <package> + <name>phpMyAdmin</name> + <range><lt>4.0.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The phpMyAdmin development team reports:</p> + <blockquote cite="http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php"> + <p> phpMyAdmin has a number of mechanisms to avoid a + clickjacking attack, however these mechanisms either work + only in modern browser versions, or can be bypassed.</p> + <p>"We have no solution for 3.5.x, due to the proposed + solution requiring JavaScript. We don't want to introduce a + dependency to JavaScript in the 3.5.x family."</p> + </blockquote> + </body> + </description> + <references> + <url>http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php</url> + </references> + <dates> + <discovery>2013-08-04</discovery> + <entry>2013-08-04</entry> + </dates> + </vuln> + <vuln vid="69098c5c-fc4b-11e2-8ad0-00262d5ed8ee"> <topic>chromium -- multiple vulnerabilities</topic> <affects> |