Format: 1.8
Date: Fri, 24 Feb 2017 06:31:04 +0100
Source: phpmyadmin
Binary: phpmyadmin
Architecture: source all
Version: 4:3.4.11.1-2+deb7u8
Distribution: wheezy-security
Urgency: high
Maintainer: Thijs Kinkhorst <thijs@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 phpmyadmin - MySQL web administration tool
Changes:
 phpmyadmin (4:3.4.11.1-2+deb7u8) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2016-6621 / PMASA-2016-44:
     A server-side request forgery vulnerability was reported for the setup
     script. This flaw can allow an unauthenticated attacker to brute-force
     MySQL passwords, detect internal hostnames or opened ports on the
     internal network. Additionally there was a race condition between
     writing configuration and administrator moving it allowing
     unauthenticated users to read or alter it. Debian users who configured
     phpmyadmin via debconf and used the default configuration for apache2
     or lighttpd were never affected.