Your message dated Mon, 25 Nov 2019 11:37:27 +0000 with message-id <e1izcgj-00016a...@fasolo.debian.org> and subject line Bug#945349: fixed in phpmyadmin 4:4.9.2+dfsg1-1 has caused the Debian Bug report #945349, regarding phpmyadmin: CVE-2019-18622 / PMASA-2019-5 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 945349: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945349 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: phpmyadmin Version: 4:4.9.1+dfsg1-2 Severity: grave Tags: security upstream Justification: user security hole Hi, The following vulnerability was published for phpmyadmin. CVE-2019-18622[0]: | An issue was discovered in phpMyAdmin before 4.9.2. A crafted | database/table name can be used to trigger a SQL injection attack | through the designer feature. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18622 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622 [1] https://www.phpmyadmin.net/security/PMASA-2019-5/ Please adjust the affected versions in the BTS as needed. Versions at least as old as 4.7.7 are affected, possibly olders as well, but looks upstream has only confirmed it (or investigated it) back to 4.7.7. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: phpmyadmin Source-Version: 4:4.9.2+dfsg1-1 We believe that the bug you reported is fixed in the latest version of phpmyadmin, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 945...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Felipe Sateler <fsate...@debian.org> (supplier of updated phpmyadmin package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 25 Nov 2019 07:55:27 -0300 Source: phpmyadmin Architecture: source Version: 4:4.9.2+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: phpMyAdmin Packaging Team <team+phpmyad...@tracker.debian.org> Changed-By: Felipe Sateler <fsate...@debian.org> Closes: 944514 944711 945349 Changes: phpmyadmin (4:4.9.2+dfsg1-1) unstable; urgency=medium . [ William Desportes ] * New upstream version 4.9.2. (Closes: #944711) * Fixes a security vulnerability in the Designer feature. (PMASA-2019-5, CVE-2019-18622, Closes: #945349) * Add debian gitlab pipelines config. . [ Matthias Blümel ] * remove creation of the vendor dir in rules. * remove unnecessary removal of openlayers. * fix autopkg-tests * simplify patch for phpunit 8 by adding ": void" on demand * remove test/selenium to get autopkg working * Do not fail removal if there are other avahi services or desktop files rmdir fails if it can't remove the directory because there are other files left. Since we only care about removing the directory to clean up if we are the last user, we can pass --ignore-fail-on-non-empty. (Closes: #944514) Checksums-Sha1: 8e60b4c5eb19b84b7d091f9c7ad620fb96819dce 2704 phpmyadmin_4.9.2+dfsg1-1.dsc 7138142a5efb76fdbc0caab3fc920414a93b2513 11364580 phpmyadmin_4.9.2+dfsg1.orig.tar.xz a9324b543d9daf140704daa08f4d946ab2043d68 82640 phpmyadmin_4.9.2+dfsg1-1.debian.tar.xz Checksums-Sha256: 96ddc3c99c4c0b41185e7d7e3237798d05812f073ffda473bf1812a8bdf68033 2704 phpmyadmin_4.9.2+dfsg1-1.dsc 9be59eb47d6e12a95e61cff1b3ecbee7373882c2d3e5714ea02a4a6751f922cb 11364580 phpmyadmin_4.9.2+dfsg1.orig.tar.xz 5f9503f3cf0f1581d3586572a12272857bb6676e4eb3ef43dd671cb04fbe175f 82640 phpmyadmin_4.9.2+dfsg1-1.debian.tar.xz Files: 09d985d148c0d54ca6975bab4451d97a 2704 web optional phpmyadmin_4.9.2+dfsg1-1.dsc e3b62cf273e1d77196d6a6b049203735 11364580 web optional phpmyadmin_4.9.2+dfsg1.orig.tar.xz 85c48f7b7f2aff54a596a161c3180d00 82640 web optional phpmyadmin_4.9.2+dfsg1-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCAAyFiEEIY7gNiAzyHtsE1+ko7q64kCN1s8FAl3buFYUHGZzYXRlbGVy QGRlYmlhbi5vcmcACgkQo7q64kCN1s/NxRAAns3KzP5dgaanJt9+r7fPaRWPrKW6 tAh/t/ILJaMKikMrszU7yfyVc9ZpqfNB0vzOJ/YY0HEaxJjUChBpJjCE2EgOHbKO ywo6fsQk+nxCdArNAvzw+VbuVExz2A6yYHJwPFvRApWNcdJD9X/B3H0tbDZgGfgU pKJ8Y2fUAGvH5TA7tAFLveS8L7K/USC7j4hCDURshyzdtK6rNyBnJhmtfVxTEY7a FVCt7u+HWCtz1cnExGR9HalM2XOxsfK9pMsV0GJHAV9L/nUfe1rnexNRL0BHmw9o e6G0yD5q7PpDOPlYTrYOzuDg5ac2ajF4MAjd628EmEPOkF76Q4UEHxGHcgiU3ntc 2waOeUW25TYJefqSTTkIb5uzql/bJQ44PyF4wYJXZFYFGDOc1mxojQ2y8M487jPg KS8E74poaj6bhdizQSa9CbMjWZnnLnvVqdClVMpod7xUka89NtPaVDPSSKCGvrk2 3S7bJAh2SQKAue53nNigbmVjVhYQJOU5bl9dC284f0/ayoOwqf+f25FlLYNru0CA QfLZgcx0ye2E5tLKbGaC/B8h1yoDScw9HJmHurB7Nz+Bu7e5AQ2OE1z2rCIQZVzS kJ20SFiVoX0dxRn2+Pdy/vQNf1TiupkkwZO4d2OcOI8DfyF/Z2hMm0rPbv42wf4B rutzN0UPFCvYZhs= =6T3B -----END PGP SIGNATURE-----
--- End Message ---
