Format: 1.8
Date: Sun, 22 Mar 2020 17:07:57 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:4.6.6-4+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: William Desportes <williamdes@wdes.fr>
Description:
 phpmyadmin - MySQL web administration tool
Closes: 893539 920822 920823 930017 930048 948718 954665 954666 954667
Changes:
 phpmyadmin (4:4.6.6-4+deb9u1) stretch; urgency=high
 .
   * Team upload
   * Several security fixes
     - Cross-site scripting (XSS) vulnerability in db_central_columns.php
       (PMASA-2018-1, CVE-2018-7260, Closes: #893539)
     - Remove transformation plugin includes
       (PMASA-2018-6, CVE-2018-19968)
     - Fix Stored Cross-Site Scripting (XSS) in navigation tree
       (PMASA-2018-8, CVE-2018-19970)
     - Fix information leak (arbitrary file read) using SQL queries
       (PMASA-2019-1, CVE-2019-6799, Closes: #920823)
     - a specially crafted username can be used to trigger a SQL injection
       attack (PMASA-2019-2, CVE-2019-6798, Closes: #920822)
     - SQL injection in Designer feature
       (PMASA-2019-3, CVE-2019-11768, Closes: #930048)
     - CSRF vulnerability in login form
       (PMASA-2019-4, CVE-2019-12616, Closes: #930017)
     - SQL injection, escape username in the query
       (PMASA-2020-1, CVE-2020-5504, Closes: #948718)
     - Add a patch to escape some parameters when changing passwords
       (PMASA-2020-2, CVE-2020-10804, Closes: #954667)
     - Add a patch to escape database and table name
       (PMASA-2020-3, CVE-2020-10802, Closes: #954665)
     - Add a patch to secure sql_query parameter
       (PMASA-2020-4, CVE-2020-10803, Closes: #954666)