-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 28 Oct 2015 17:40:23 +0100 Source: phpmyadmin Binary: phpmyadmin Architecture: source all Version: 4:4.2.12-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Thijs Kinkhorst <thijs@debian.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: phpmyadmin - MySQL web administration tool Changes: phpmyadmin (4:4.2.12-2+deb8u1) jessie-security; urgency=high . * Fix several security: - CVE-2015-2206: Risk of BREACH attack due to reflected parameter. - CVE-2015-3902: XSRF/CSRF vulnerability in phpMyAdmin setup. - CVE-2015-3903: Vulnerability allowing man-in-the-middle attack on API call to GitHub. - CVE-2015-6830: Vulnerability that allows bypassing the reCaptcha test. - CVE-2015-7873: Content spoofing vulnerability when redirecting user to an external site. Checksums-Sha1: 192fd2cc99dcafce89d35b5b545645d98c6dcacc 1602 phpmyadmin_4.2.12-2+deb8u1.dsc a1111cb2bfec0f1dfb762009a324ab93d451c82c 5203736 phpmyadmin_4.2.12.orig.tar.xz eeab422d2803fe81ab844ef846ee10fbbf54d6aa 62008 phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz 845b076aa5fa4bb218e0692dfdcd6cde24dbe487 6755712 phpmyadmin_4.2.12-2+deb8u1_all.deb Checksums-Sha256: 1ef9e12e7e1e628d92ce4d04632f9299d975a1c985e402e3786f90d794c3dd9e 1602 phpmyadmin_4.2.12-2+deb8u1.dsc 29a5d980ca16f0ee20437f3e01e2ab553041ccf422221ebe26fb18f11261d74a 5203736 phpmyadmin_4.2.12.orig.tar.xz 3d357fe1a9678f02547d2b8b2f929095d01388320c63ef169378a5fa547cfc99 62008 phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz d74dccc5b6e45b476a346c7d01a3477f0738259bee2629ea9c7adb60990dc2ed 6755712 phpmyadmin_4.2.12-2+deb8u1_all.deb Files: 2624ca8c34fbfe126924960fe05d5ee9 1602 web extra phpmyadmin_4.2.12-2+deb8u1.dsc 2d12dce0a405db30509793720d1034e3 5203736 web extra phpmyadmin_4.2.12.orig.tar.xz 2bc1e5d31e9b17c7a171d6a3b1ec18cc 62008 web extra phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz fbf7fa1b031e5301fc49c18c84ecc45f 6755712 web extra phpmyadmin_4.2.12-2+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJWMP64AAoJEFb2GnlAHawEgiQH/jrU+c2+iFyGa5T1E3Qgfv1x jw5qMegIxfFuoz7IkLcBm7MC0QImYlW6fTFtb0QfeKtELW7m4vZCzxmjyq80ldn8 ee7gDPgp3rQn4M+vS77gBCrFgsI7q5o59QWlncT9iI7Wz0GNPbdWHie6RJWh3Bsv z3wRXk0jhMuiW0znv2IMRxwORwISYJy5rnBkinOzjYuKwHG4rkTdcF7GEtplcsKe s5l28CzL7Gc4o00Ss/l6o0sD5l35qlxzrCPALuhArZ2PzboyiZSuifc3crZb+v5w 2HGeh9sUWmgXtP4rPQAKS3Pj40KjJ8LUKreM/0DtWQP8Lxzd5dxpJTukIRN4yN0= =ZNY1 -----END PGP SIGNATURE-----