Format: 1.8
Date: Mon, 28 Nov 2016 10:22:19 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source
Version: 4:4.6.5.1-1
Distribution: unstable
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Michal Čihař <nijel@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:4.6.5.1-1) unstable; urgency=high
 .
   * New upstream release, fixing several security issues:
     - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58)
     - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59)
     - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60)
     - Username matching weaknesses with allow/deny rules (PMASA-2016-61)
     - Possible to bypass logout timeout (PMASA-2016-62)
     - Full path disclosure (FPD) weaknesses (PMASA-2016-63)
     - Multiple XSS weaknesses (PMASA-2016-64)
     - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65)
     - Possible to bypass white-list protection for URL redirection (PMASA-2016-66)
     - BBCode injection to login page (PMASA-2016-67)
     - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68)
     - Multiple SQL injection vulnerabilities (PMASA-2016-69)
     - Incorrect serialized string parsing (PMASA-2016-70)
     - CSRF token not stripped from the URL (PMASA-2016-71)
Checksums-Sha1:
 baf22e494993bba740132223ffb9893e0e97eeb7 1948 phpmyadmin_4.6.5.1-1.dsc
 42c375cd64ac4eebb79ca28c9dbb7622e054919b 6162164 phpmyadmin_4.6.5.1.orig.tar.xz
 8dd33da4461dc86b77ff07246379e7c8f57fb44f 79324 phpmyadmin_4.6.5.1-1.debian.tar.xz
Checksums-Sha256:
 75694ace1fdb75c65140b6e364d02f1b914f0ee3d03f1229818cba4d89746495 1948 phpmyadmin_4.6.5.1-1.dsc
 e163b08b6d1137fd7c48ea97e8e53be415b1937f5e5f7e070936a60c3b9a3df0 6162164 phpmyadmin_4.6.5.1.orig.tar.xz
 4e8da8b2b2899c4d5096f4fee6e7101b0536e5bcc8768253da555b842f491e34 79324 phpmyadmin_4.6.5.1-1.debian.tar.xz
Files:
 95eadaadacf424779141dfcb11fb05aa 1948 web extra phpmyadmin_4.6.5.1-1.dsc
 519c03b0296fb7ec854d57ecd43cd07f 6162164 web extra phpmyadmin_4.6.5.1.orig.tar.xz
 5bb91838050304c6ab5c11b5d8662b9f 79324 web extra phpmyadmin_4.6.5.1-1.debian.tar.xz