-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 22 Apr 2016 11:54:07 -0400 Source: phpmyadmin Binary: phpmyadmin Architecture: source all Version: 4:3.4.11.1-2+deb7u3 Distribution: wheezy-security Urgency: medium Maintainer: Thijs Kinkhorst <thijs@debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: phpmyadmin - MySQL web administration tool Changes: phpmyadmin (4:3.4.11.1-2+deb7u3) wheezy-security; urgency=medium . * Fix security issues: - CVE-2016-1927: suggestPassword generates weak passphrases - CVE-2016-2038: information disclosure via crafted requests - CVE-2016-2039: weak CSRF token values - CVE-2016-2040: XSS vulnerabilities in authenticated users - CVE-2016-2041: information breach in CSRF token comparison - CVE-2016-2045: XSS injection via crafted SQL queries - CVE-2016-2560: XSS injection Checksums-Sha1: df734fd678c3b01a6d6968dde078b3796047636e 1938 phpmyadmin_3.4.11.1-2+deb7u3.dsc 3cd2b397fac6505d3a827663dfef795d310b2d65 95831 phpmyadmin_3.4.11.1-2+deb7u3.debian.tar.gz fa976b27ae73723de078f51319a02295f849db24 5527434 phpmyadmin_3.4.11.1-2+deb7u3_all.deb Checksums-Sha256: 18af94e8d911c6c383ef743123c079e8e92f478cafb758b3958010c9d415c2c4 1938 phpmyadmin_3.4.11.1-2+deb7u3.dsc 7b98e7ec1e35c0dda840d34bb6fe5bae511f3be34c51fe5f8b5660bc25f637f1 95831 phpmyadmin_3.4.11.1-2+deb7u3.debian.tar.gz df62ff9f40685223a1e5004b3ca381071555b115969850fdba539ccb0c0eb1ad 5527434 phpmyadmin_3.4.11.1-2+deb7u3_all.deb Files: 8ff0c24c7aee63cdb3cd994f14ce8f94 1938 web extra phpmyadmin_3.4.11.1-2+deb7u3.dsc 05bb0baeba425fe112595f7102ef5cd8 95831 web extra phpmyadmin_3.4.11.1-2+deb7u3.debian.tar.gz 2bffe2f36b99db4bfd1ac7b0d7c1789a 5527434 web extra phpmyadmin_3.4.11.1-2+deb7u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXGnVYAAoJEHkhUlJ7dZIeI8cP/2XGOfmUp7fk+G5C+zBqySIR sUqLraB1P6pcNMf4eihCN1hSsl0GUclFigh2ahiHpISavRcDA6pExL9eo10MIZTl R+6kuQZPEvDAqno5n5UN7VFfzK9VaBgxwBSGQLnvoS4x7AYrSTGNhUzv7TSb83ta BsRUBBZbJjPEDZd0w3mS0uqbGu6xh8/TqblVkuJxD1Td2EcFwnLqwZQwYUrNmdO8 2kt49Uk+JH7BHnZaAd56k3PX7ZPxCiaMqTARKzJPoAtzavzWyD9OOqL2lNItx/zh zwPpgDcYLd0NRNzR5XeSU0opTk1GlbqIbznki1DXhl1HZ7q2zMpSeRK1z0RE9m0c amRej5wOGtvH/dCjfMz5qOOhyoE+tu5KmBKbC4oP2HYt7UtCqoOo0/64SMQqm1UZ YPvhcEzqrrHjmx3NJQjvXxlyAmfJrxN42hXq4xN92lddBWVS0XZzvsah4LCfhVwH 0mIeDqrhj00CcU6lLm44j6gCWWFy5zg22sxaiZRBNEvQ4CDkEdpONohyStYoLUq3 tsuRtaEpSP2vmBc2t+qHtraxB2hrEZy/o4YbMHoKQVFVQHSi30rkMiHhImhJnPXe PUHXjb9WjL+HtRgMM98F9gqG3IiDtqspIsEB6hicJHY/ss1F7w6XOJVBlX+/QqAk wdDBnaH3t25mwY4LpgFJ =nSTX -----END PGP SIGNATURE-----