adminer - Debian Package Tracker

general

source: adminer (main)
version: 4.8.1-4
maintainer: Alexandre Rossi (DMD)
arch: all
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.7.1-1+deb10u1
oldstable: 4.7.9-2
stable: 4.8.1-1
testing: 4.8.1-4
unstable: 4.8.1-4

versioned links

4.7.1-1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.7.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.8.1-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

adminer (1 bugs: 0, 0, 1, 0)

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

In debian/watch no matching files for watch line
  https://github.com/vrana/adminer/releases .*/adminer-(.*)\.tar\.gz

Created: 2025-02-23 Last update: 2025-03-08 22:00

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2023-45195: Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVE-2023-45196: Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

Created: 2024-06-28 Last update: 2024-06-28 20:13

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 4.17.1-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 0ded443a65d037d171dcf63f0fcb53f9e3658a66
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 14:59:08 2025 +0100

    Update changelog for 4.17.1-1 release

commit 2a152f5233008fadb7e4df3e074baf89dd4896cb
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 14:57:51 2025 +0100

    add php-jsshrink as patch because missing in src tarball

commit d9bd83d1056f532d389130dddd6a290a9b83a862
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 14:28:53 2025 +0100

    drop patches (re-implemented upstream another way)

commit 9cecfc285863272dcbe1ae0b205f8b6d1def791e
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 13:22:20 2025 +0100

    simplify and fix source lintian-overrides

commit 74074f9e543f27c3b7f663b9a15712584a09ef04
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 13:21:55 2025 +0100

    libjs-jush is now packaged separately

commit 8d1f3e1cf2bd2cf08545c07b35d65a9a0731ce45
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 13:20:51 2025 +0100

    rmdir not needed anymore
    
    Gbp-Dch: ignore

commit 4d8dddce94a5e88d5202de5a69232f6081ff2725
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:49:01 2025 +0100

    document that software is dual licensed with Apache OR GPL-2

commit a7a227d11d44e587ae5768442a66e003964e5917
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:45:51 2025 +0100

    update packaging copyright years
    
    Gbp-Dch: ignore

commit 8cb5b132ad72a2e5acbd90c8ca01f8ca3ce7c5ad
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:39:15 2025 +0100

    declare compliance to policy 4.7.2.0 (no change)

commit 1563e522842cfde76ce8c3a7fafceae4c10883e3
Merge: 95f0f78 c350299
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:30:15 2025 +0100

    Update upstream source from tag 'upstream/4.17.1'
    
    Update to upstream version '4.17.1'
    with Debian dir b5cbea19be80cf4bfa2fb2bf2d4e73e6eacc5969

commit c3502995ac928039c56b0aef05b58928a643f15b
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:30:15 2025 +0100

    New upstream version 4.17.1

commit 95f0f78fbe61ac81888c112d26e73e894793fbc5
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Thu Feb 27 12:24:08 2025 +0100

    d/watch: switch to github api

commit d7d675b21443144a92d05027a29c7cfc3427f9db
Author: Alexandre Rossi <alexandre.rossi@gmail.com>
Date:   Wed Jul 31 06:48:37 2024 +0200

    d/copyright: MIT->Expat and designs license clarifications

Created: 2024-07-31 Last update: 2025-03-08 15:37

RFS: A sponsor is needed to update this package. normal

A Debian contributor is looking for a sponsor to upload a package update. It might be the regular maintainer who does not have any upload right yet, or it might be someone who just wants to help for a bugfix or a new upstream version. In any case, if you have upload rights and care about this package and Debian in general, you should look into sponsoring this update. Please see bug number #1099037 for more information.

Created: 2025-02-27 Last update: 2025-02-27 19:00

2 low-priority security issues in bookworm low

There are 2 open security issues in bookworm.

2 issues left for the package maintainer to handle:

CVE-2023-45195: (needs triaging) Adminer and AdminerEvo are vulnerable to SSRF via database connection fields. This could allow an unauthenticated remote attacker to enumerate or access systems the attacker would not otherwise have access to. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.
CVE-2023-45196: (needs triaging) Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in AdminerEvo version 4.8.4.

You can find information about how to handle these issues in the security team's documentation.

Created: 2024-06-28 Last update: 2025-02-27 05:02

debian/patches: 2 patches to forward upstream low

Among the 3 debian patches available in version 4.8.1-4 of the package, we noticed the following issues:

2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2024-07-31 Last update: 2024-07-31 07:20

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:24

news

[rss feed]

[2024-08-02] adminer 4.8.1-4 MIGRATED to testing (Debian testing watch)
[2024-07-30] Accepted adminer 4.8.1-4 (source) into unstable (Alexandre Rossi) (signed by: Boyuan Yang)
[2024-07-29] adminer REMOVED from testing (Debian testing watch)
[2024-02-06] adminer 4.8.1-2 MIGRATED to testing (Debian testing watch)
[2024-02-01] Accepted adminer 4.8.1-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2022-08-13] Accepted adminer 4.7.1-1+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Emilio Pozuelo Monfort)
[2022-05-13] Accepted adminer 4.2.5-3+deb9u3 (source all) into oldoldstable (Chris Lamb)
[2021-08-20] adminer 4.8.1-1 MIGRATED to testing (Debian testing watch)
[2021-08-17] Accepted adminer 4.8.1-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2021-05-31] adminer 4.7.9-2 MIGRATED to testing (Debian testing watch)
[2021-05-26] Accepted adminer 4.7.9-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2021-03-05] Accepted adminer 4.7.9-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2021-03-02] Accepted adminer 4.2.5-3+deb9u2 (source all) into oldstable (Utkarsh Gupta)
[2021-02-10] adminer 4.7.9-1 MIGRATED to testing (Debian testing watch)
[2021-02-08] Accepted adminer 4.7.9-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-12-10] adminer 4.7.8-2 MIGRATED to testing (Debian testing watch)
[2020-12-08] Accepted adminer 4.7.8-2 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-18] Accepted adminer 4.7.7-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-14] adminer 4.7.7-1 MIGRATED to testing (Debian testing watch)
[2020-05-11] Accepted adminer 4.7.7-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2020-05-03] Accepted adminer 4.7.6-1~bpo10+1 (source all) into buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2020-02-07] adminer 4.7.6-1 MIGRATED to testing (Debian testing watch)
[2020-02-04] Accepted adminer 4.7.6-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-11-26] Accepted adminer 4.7.5-1~bpo10+1 (source all) into buster-backports, buster-backports (Alexandre Rossi) (signed by: Chris Lamb)
[2019-11-18] adminer 4.7.5-1 MIGRATED to testing (Debian testing watch)
[2019-11-15] Accepted adminer 4.7.5-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-10-26] adminer 4.7.4-1 MIGRATED to testing (Debian testing watch)
[2019-10-24] Accepted adminer 4.7.4-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)
[2019-09-08] adminer 4.7.3-1 MIGRATED to testing (Debian testing watch)
[2019-09-06] Accepted adminer 4.7.3-1 (source) into unstable (Alexandre Rossi) (signed by: Chris Lamb)

bugs [bug history graph]

all: 1
RC: 0
I&N: 0
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.8.1-4