Your message dated Sat, 17 May 2025 09:37:58 +0000
with message-id <[email protected]>
and subject line Close 1102399
has caused the Debian Bug report #1102399,
regarding bookworm-pu: package phpmyadmin/4:5.2.1+dfsg-1+deb12u1
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1102399: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102399
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
User: [email protected]
Usertags: pu
X-Debbugs-Cc: phpMyAdmin Packaging Team <[email protected]>, 
[email protected]

  * CVE-2025-24529: XSS on Insert page
  * CVE-2025-24530: XSS when checking tables
diffstat for phpmyadmin-5.2.1+dfsg phpmyadmin-5.2.1+dfsg

 changelog                                                        |    8 +
 patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch          |   79 ++++++++++
 patches/0002-Fix-unescaped-table-name-when-checking-tables.patch |   37 ++++
 patches/series                                                   |    2 
 4 files changed, 126 insertions(+)

diff -Nru phpmyadmin-5.2.1+dfsg/debian/changelog 
phpmyadmin-5.2.1+dfsg/debian/changelog
--- phpmyadmin-5.2.1+dfsg/debian/changelog      2023-02-08 14:57:42.000000000 
+0200
+++ phpmyadmin-5.2.1+dfsg/debian/changelog      2025-04-08 18:25:51.000000000 
+0300
@@ -1,3 +1,11 @@
+phpmyadmin (4:5.2.1+dfsg-1+deb12u1) bookworm; urgency=medium
+
+  * Non-maintainer upload.
+  * CVE-2025-24529: XSS on Insert page
+  * CVE-2025-24530: XSS when checking tables
+
+ -- Adrian Bunk <[email protected]>  Tue, 08 Apr 2025 18:25:51 +0300
+
 phpmyadmin (4:5.2.1+dfsg-1) unstable; urgency=medium
 
   * Add a d/pkg-php-tools-overrides to force the PHP 8.0 polyfill dep
diff -Nru 
phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
 
phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
--- 
phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
        1970-01-01 02:00:00.000000000 +0200
+++ 
phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
        2025-04-08 16:15:24.000000000 +0300
@@ -0,0 +1,79 @@
+From 8ee84b67eca8a8178fec498188d968d95212e932 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth <[email protected]>
+Date: Sun, 12 Jan 2025 22:39:06 -0300
+Subject: Fix XSS vulnerability on Insert page
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <[email protected]>
+---
+ libraries/classes/InsertEdit.php |  4 ++--
+ psalm-baseline.xml               |  2 +-
+ test/classes/InsertEditTest.php  | 14 ++++++++++++--
+ 3 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/libraries/classes/InsertEdit.php 
b/libraries/classes/InsertEdit.php
+index 3e6ab3e411..72971c0b88 100644
+--- a/libraries/classes/InsertEdit.php
++++ b/libraries/classes/InsertEdit.php
+@@ -1124,8 +1124,8 @@ private function 
getSpecialCharsAndBackupFieldForInsertingMode(
+         } elseif ($trueType === 'binary' || $trueType === 'varbinary') {
+             $specialChars = bin2hex($column['Default']);
+         } elseif (substr($trueType, -4) === 'text') {
+-            $textDefault = substr($column['Default'], 1, -1);
+-            $specialChars = stripcslashes($textDefault !== false ? 
$textDefault : $column['Default']);
++            $textDefault = (string) substr($column['Default'], 1, -1);
++            $specialChars = htmlspecialchars(stripcslashes($textDefault !== 
'' ? $textDefault : $column['Default']));
+         } else {
+             $specialChars = htmlspecialchars($column['Default']);
+         }
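Review bot: The new `$textDefault !== ''` comparison in the `text` branch treats an empty `substr()` result as "no default", so a `Default` made up of only its two quote characters falls back to `$column['Default']` and the quote pair itself (HTML-escaped) ends up in `$specialChars` instead of an empty string. If an empty quoted default should give an empty field, check the quoting explicitly rather than falling back on `''`. If the fallback is intended, a short comment would help, because the `(string)` cast hides the difference between a failed `substr()` and a legitimately empty one.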
+diff --git a/psalm-baseline.xml b/psalm-baseline.xml
+index a07466f7bf..4f053c0a6a 100644
+--- a/psalm-baseline.xml
++++ b/psalm-baseline.xml
+@@ -8183,7 +8183,7 @@
+       <code>$specialChars</code>
+       <code>$specialChars</code>
+       <code>$specialCharsEncoded</code>
+-      <code>$textDefault !== false ? $textDefault : $column['Default']</code>
++      <code>$textDefault !== '' ? $textDefault : $column['Default']</code>
+       <code>$transformationPlugin-&gt;getScripts()</code>
+       <code>$transformation[$type . '_options'] ?? ''</code>
+       <code>$trueType</code>
+diff --git a/test/classes/InsertEditTest.php b/test/classes/InsertEditTest.php
+index 6bbe885c12..c3f8234586 100644
+--- a/test/classes/InsertEditTest.php
++++ b/test/classes/InsertEditTest.php
+@@ -1714,9 +1714,9 @@ public function 
providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+                 [
+                     false,
+                     '"lorem\"ipsem"',
+-                    'lorem"ipsem',
++                    'lorem&quot;ipsem',
+                     '',
+-                    'lorem"ipsem',
++                    'lorem&quot;ipsem',
+                 ],
+             ],
+             'varchar with html special chars' => [
+@@ -1732,6 +1732,16 @@ public function 
providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+                     'hello world&lt;br&gt;&lt;b&gt;lorem&lt;/b&gt; ipsem',
+                 ],
+             ],
++            'text with html special chars' => [
++                ['True_Type' => 'text', 'Default' => 
'\'</textarea><script>alert(1)</script>\''],
++                [
++                    false,
++                    '\'</textarea><script>alert(1)</script>\'',
++                    '&lt;/textarea&gt;&lt;script&gt;alert(1)&lt;/script&gt;',
++                    '',
++                    '&lt;/textarea&gt;&lt;script&gt;alert(1)&lt;/script&gt;',
++                ],
++            ],
+         ];
+     }
+ 
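Review bot: The added provider row covers only `'True_Type' => 'text'`, while the branch it exercises in `InsertEdit.php` is selected by `substr($trueType, -4) === 'text'` and so matches every type whose name ends in `text`. A second row for another such type, and one whose default contains `&`, would pin both the branch condition and the order of `stripcslashes()` and `htmlspecialchars()`.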
+-- 
+2.30.2
+
diff -Nru 
phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
 
phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
--- 
phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
       1970-01-01 02:00:00.000000000 +0200
+++ 
phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
       2025-04-08 16:15:24.000000000 +0300
@@ -0,0 +1,37 @@
+From 198467709c031c52fb9143995e325bcbf67eed52 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth <[email protected]>
+Date: Tue, 15 Oct 2024 12:27:22 -0300
+Subject: Fix unescaped table name when checking tables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <[email protected]>
+---
+ libraries/classes/Table/Maintenance.php | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/classes/Table/Maintenance.php 
b/libraries/classes/Table/Maintenance.php
+index 97c3423e91..2a2596c2bd 100644
+--- a/libraries/classes/Table/Maintenance.php
++++ b/libraries/classes/Table/Maintenance.php
+@@ -13,6 +13,7 @@
+ use PhpMyAdmin\Util;
+ 
+ use function __;
++use function htmlspecialchars;
+ use function implode;
+ use function sprintf;
+ 
+@@ -119,7 +120,7 @@ public function getIndexesProblems(DatabaseName $db, array 
$tables): string
+                 continue;
+             }
+ 
+-            $indexesProblems .= sprintf(__('Problems with indexes of table 
`%s`'), $table->getName());
++            $indexesProblems .= htmlspecialchars(sprintf(__('Problems with 
indexes of table `%s`'), $table->getName()));
+             $indexesProblems .= $check;
+         }
+ 
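Review bot: `$check` is still appended to `$indexesProblems` unescaped on the context line directly after the changed `sprintf()` line, and nothing in this hunk shows where it is built. Please confirm it is already HTML-safe at that point, or escape it where it is produced. This patch also touches a single file and adds no test; a case with a table name containing markup, along the lines of the row added to `InsertEditTest.php` for the Insert page fix, would guard against a regression.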
+-- 
+2.30.2
+
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/series 
phpmyadmin-5.2.1+dfsg/debian/patches/series
--- phpmyadmin-5.2.1+dfsg/debian/patches/series 2023-02-08 14:57:42.000000000 
+0200
+++ phpmyadmin-5.2.1+dfsg/debian/patches/series 2025-04-08 18:25:51.000000000 
+0300
@@ -9,3 +9,5 @@
 Drop-depends-on-paragonie-sodium_compat-since-PHP-7.2-is-required.patch
 Skip-part-of-RoutingTest-testGetDispatcher.patch
 Adjust-path-for-source-files-in-tests.patch
+0001-Fix-XSS-vulnerability-on-Insert-page.patch
+0002-Fix-unescaped-table-name-when-checking-tables.patch

--- End Message ---
--- Begin Message ---
Version: 12.11
This update has been released as part of 12.10. Thank you for your contribution.

--- End Message ---
