Format: 1.8
Date: Fri, 01 Nov 2019 19:33:40 +0100
Source: phpmyadmin
Architecture: source
Version: 4:4.9.1+dfsg1-2
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>
Changed-By: Matthias Blümel <debian@blaimi.de>
Closes: 772741 883417 884827 890595 893539 896490 914673 917755 920822 920823 930017 930048 943209
Changes:
 phpmyadmin (4:4.9.1+dfsg1-2) unstable; urgency=medium
 .
   * Adjust open_basedir setting for ubuntu eoan
 .
 phpmyadmin (4:4.9.1+dfsg1-1) unstable; urgency=medium
 .
   * New upstream version 4.9.1.
   * Remove webbased setup (Closes: #772741)
   * Check for weak blowfish key and regenerate if necessary during update
   * fix avahi service-installation (Closes: #914673, LP: #1293558)
   * fix bug in sql-script for non-default tablename (Closes: #884827)
 .
 phpmyadmin (4:4.9.0.1+dfsg1-1) unstable; urgency=medium
 .
   [ Matthias Blümel ]
   * New upstream version 4.9.0.1.
   * Update Package for new composer-oriented structure in upstream
   * Update Translations
     - Catalan
     - Ukrainian
     - Chinese (Traditional)
   * New Translations
     - Romanian
     - Indonesian
   * New upstream release, fixing several security issues:
     - Warnings when running under php 7.2 (Closes: #890595)
     - FTBFS with phpunit 6.4.4-2 (Closes: #883417, Closes: #917755)
     - Bypass $cfg['Servers'][$i]['AllowNoPassword'] (PMASA-2017-8, CVE-2017-18264)
     - XSRF/CSRF vulnerability in phpMyAdmin (PMASA-2017-9, CVE-2017-1000499)
     - Self XSS in central columns feature (PMASA-2018-1, CVE-2018-7260, Closes: #893539)
     - CSRF vulnerability allowing arbitrary SQL execution (PMASA-2018-2, CVE-2018-10188, Closes: #896490)
     - XSS in Designer feature (PMASA-2018-3, CVE-2018-12581)
     - Bug that can be used for XSS when importing files
     - Local file inclusion (PMASA-2018-6, CVE-2018-19968)
     - XSRF/CSRF vulnerabilities allowing a to perform harmful operations (PMASA-2018-7, CVE-2018-19969)
     - an XSS vulnerability in the navigation tree (PMASA-2018-8, CVE-2018-19970)
     - Arbitrary file read vulnerability (PMASA-2019-1, CVE-2019-6799, Closes: #920823)
     - SQL injection in the Designer interface (PMASA-2019-2, CVE-2019-6798, Closes: #920822)
     - SQL injection in Designer feature (PMASA-2019-3, CVE-2019-11768, Closes: #930048)
     - CSRF vulnerability in login form (PMASA-2019-4, CVE-2019-12616, Closes: #930017)
   * patch to allow twig in version 2
   * adjust autoload path with libapache2-mod-php, load Twig-Extensions and tcpdf
   * adjust apache-config with open_basedir for dependencies
   * Set TempDir to /var/lib/phpmyadmin/tmp for twig-cache
   * add config-table upgrade for version 4.7.0+
   * enable unittests and patch to use phpunit 7, fix build-deps
   * update to standards-version 4.3.0
   * add Debian CI testfile
   * depend on python3-sphinx instead of python-sphinx which is python2 (Closes: #943209)
   * don't chown tmp-dir recursive and remove useless entries in 'dirs'
   * add sensible-utils to dependencies for .desktop-file
   * simplify apache-config
     * mbstring.func_overload = 0 is default and not set (/etc/php/7.3/apache2/php.ini)
     * SetHandler is now in the configuration of libapache2-mod-php (/etc/apache2/mods-available/php7.3.conf)
     * AddType seems not to be necessary anymore, it's in the mime-database (/etc/mime.types)
   * use autoload.php instead of vendor/autoload.php
   * use libjs-openlayers instead of bundled ones.
   * include copyright information from included vendor-source
   * cleanup lintian overrides
 .
   [ Felipe Sateler ]
   * Exclude vendor dir from upstream tarball imports
   * Add new build-dependencies
   * Add autoload generation
   * Fix Config file location
   * Add phpcomposer substvars to control file
   * Fix js paths in debian/rules
   * Set phpMyAdmin team as Maintainer
 .
   [ Juri Grabowski ]
   * define composer as Build-Depends, Fix Vcs- URLs
   * apache2.2-common -> apache2-data
Checksums-Sha1:
 db30c657beb422cfcab4ae2f0504a46a33fc07c1 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
 faaeaa981f613b23d4f9afc2c5b343fcad84b3f2 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 07d1363135b7f0255407f6af5355126276b02186 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Checksums-Sha256:
 a205fa69ec52834e772ebd619203fad6a46ff1bdc9865c28142935d24186dc7a 2700 phpmyadmin_4.9.1+dfsg1-2.dsc
 d6877f4ca7a9ea49bdb8608f16342207c4703a0db68fd607a4fa41dfa9294a42 94188 phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 5774cd30ffd4d3369a3083d7e04ef60a651647fd4da749cb53285fa0fb16459a 11322440 phpmyadmin_4.9.1+dfsg1.orig.tar.xz
Files:
 bc93c0fec95473d080304848d649c6d1 2700 web optional phpmyadmin_4.9.1+dfsg1-2.dsc
 f440b671f55d71f64b648761af63ff51 94188 web optional phpmyadmin_4.9.1+dfsg1-2.debian.tar.xz
 76668ca2166ce668cf4915338be16d4d 11322440 web optional phpmyadmin_4.9.1+dfsg1.orig.tar.xz