adminer - Debian Package Tracker

general

source: adminer (main)
version: 4.8.1-4
maintainer: Alexandre Rossi (DMD)
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.7.1-1+deb10u1
oldstable: 4.7.9-2
stable: 4.8.1-1
testing: 4.8.1-4
unstable: 4.8.1-4

versioned links

4.7.1-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.7.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

adminer (1 bugs: 0, 0, 1, 0)

action needed

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2023-45195: Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVE-2023-45196: Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

Created: 2024-06-28 Last update: 2024-06-28 20:13

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit d7d675b21443144a92d05027a29c7cfc3427f9db
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Wed Jul 31 06:48:37 2024 +0200

    d/copyright: MIT->Expat and designs license clarifications

Created: 2024-07-31 Last update: 2024-11-19 03:33

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2023-45195: (needs triaging) Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVE-2023-45196: (needs triaging) Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-06-28 Last update: 2024-08-15 08:30

debian/patches: 2 patches to forward upstream low

Among the 3 debian patches available in version 4.8.1-4 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-07-31 Last update: 2024-07-31 07:20

news

[rss feed]

[2024-08-02] adminer 4.8.1-4 MIGRATED to testing (Debian testing watch)
[2024-07-30] Accepted adminer 4.8.1-4 (source) into unstable (Alexandre Rossi) (signed by: Boyuan Yang)
[2024-07-29] adminer REMOVED from testing (Debian testing watch)
[2024-02-06] adminer 4.8.1-2 MIGRATED to testing (Debian testing watch)
[2024-02-01] Accepted adminer 4.8.1-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2022-08-13] Accepted adminer 4.7.1-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
[2022-05-13] Accepted adminer 4.2.5-3+deb9u3 (source all) into oldoldstable (Chris Lamb)
[2021-08-20] adminer 4.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-17] Accepted adminer 4.8.1-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2021-05-31] adminer 4.7.9-2 MIGRATED to testing (Debian testing watch)
[2021-05-26] Accepted adminer 4.7.9-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2021-03-05] Accepted adminer 4.7.9-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2021-03-02] Accepted adminer 4.2.5-3+deb9u2 (source all) into oldstable (Utkarsh Gupta)
[2021-02-10] adminer 4.7.9-1 MIGRATED to testing (Debian testing watch)
[2021-02-08] Accepted adminer 4.7.9-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-12-10] adminer 4.7.8-2 MIGRATED to testing (Debian testing watch)
[2020-12-08] Accepted adminer 4.7.8-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-18] Accepted adminer 4.7.7-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-14] adminer 4.7.7-1 MIGRATED to testing (Debian testing watch)
[2020-05-11] Accepted adminer 4.7.7-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-03] Accepted adminer 4.7.6-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2020-02-07] adminer 4.7.6-1 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted adminer 4.7.6-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-11-26] Accepted adminer 4.7.5-1~bpo10+1 (source all) into buster-backports, buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2019-11-18] adminer 4.7.5-1 MIGRATED to testing (Debian testing watch)
[2019-11-15] Accepted adminer 4.7.5-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-10-26] adminer 4.7.4-1 MIGRATED to testing (Debian testing watch)
[2019-10-24] Accepted adminer 4.7.4-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-09-08] adminer 4.7.3-1 MIGRATED to testing (Debian testing watch)
[2019-09-06] Accepted adminer 4.7.3-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.8.1-4