-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 06 Dec 2016 08:18:14 +1100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.4.11.1-2+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Brian May <bam@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:3.4.11.1-2+deb7u7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-4412 / PMASA-2016-57: A user can be tricked into following a
     link leading to phpMyAdmin, which after authentication redirects to
     another malicious site.
   * CVE-2016-6626 / PMASA-2016-49: In the fix for PMASA-2016-57, we didn't
     have sufficient checking and it was possible to bypass the whitelist.
   * CVE-2016-9849 / PMASA-2016-60: Username deny rules bypass (AllowRoot &
     Others) by using a null byte.
   * CVE-2016-9850 / PMASA-2016-61: Username matching for the allow/deny
     rules may result in wrong matches and detection of the username in the
     rule due to non-constant execution time.
   * CVE-2016-9861 / PMASA-2016-66: In the fix for PMASA-2016-49, we had
     buggy checks and it was possible to bypass the whitelist.
   * CVE-2016-9864 / PMASA-2016-69: Multiple SQL injection vulnerabilities.
   * CVE-2016-9865 / PMASA-2016-70: Due to a bug in serialized string
     parsing, it was possible to bypass the protection offered by the
     PMA_safeUnserialize() function.