Your message dated Mon, 16 Mar 2020 16:50:39 +0000
with message-id <[email protected]>
and subject line Bug#948718: fixed in phpmyadmin 4:4.9.4+dfsg1-1
has caused the Debian Bug report #948718,
regarding phpmyadmin: CVE-2020-5504
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
948718: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948718
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: phpmyadmin
Version: 4:4.9.2+dfsg1-1
Severity: important
Tags: security upstream
Control: found -1 4:4.6.6-4
Hi,
The following vulnerability was published for phpmyadmin.
CVE-2020-5504[0]:
| In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists
| in the user accounts page. A malicious user could inject custom SQL in
| place of their own username when creating queries to this page. An
| attacker must have a valid MySQL account to access the server.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-5504
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5504
[1] https://www.phpmyadmin.net/security/PMASA-2020-1/
[2] https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: phpmyadmin
Source-Version: 4:4.9.4+dfsg1-1
Done: Felipe Sateler <[email protected]>
We believe that the bug you reported is fixed in the latest version of
phpmyadmin, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felipe Sateler <[email protected]> (supplier of updated phpmyadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 16 Mar 2020 13:25:37 -0300
Source: phpmyadmin
Architecture: source
Version: 4:4.9.4+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Packaging Team <[email protected]>
Changed-By: Felipe Sateler <[email protected]>
Closes: 948718
Changes:
phpmyadmin (4:4.9.4+dfsg1-1) unstable; urgency=medium
.
[ William Desportes ]
* New upstream version 4.9.4 (PMASA-2020-1, CVE-2020-5504, Closes: #948718)
* Exclude a test on Debian CI for 32bit systems (#854821)
* Upgrade Debian standards from 4.3.0 to 4.4.1
.
[ Felipe Sateler ]
* Don't run tests if DEB_BUILD_OPTIONS contains nocheck
* copyright: fix wildcards for node_modules.
Files do not match directories. An explicit /* must be added at the end
* Add lintian overrides for
package-contains-documentation-outside-usr-share-doc. Those READMEs
document the respective directories
* Bump debhelper compat level to 12.
Move --fail-missing option to dh_missing
* Add Rules-Requires-Root: no.
We don't need (fake)root to build the package
* Bump dependency on motranslator. API is the same, but support for older php
versions was dropped, so a major semver break was needed. In debian we
already have the newer php versions so we can just bump the dependency.
* Trim trailing whitespace.
* Wrap long lines in changelog entries: 4:4.9.4+dfsg1-1,
4:4.9.2+dfsg1-1, 4:4.9.0.1+dfsg1-1, 4:4.6.5.1-1, 4:3.3.9-1ubuntu1.
* Fix misspelling of Close => Closes.
* Set field Upstream-Name in debian/copyright.
* Set upstream metadata fields: Bug-Database, Bug-Submit, Repository,
Repository-Browse.
.
[ Hridoy Bapery ]
* Added translation using Weblate (Bengali (Bangladesh))
* Added translation using Weblate (Bengali)
* Translated using Weblate (Bengali)
Currently translated at 100.0% (2 of 2 strings)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---