diff options
Diffstat (limited to 'meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch')
| -rw-r--r-- | meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch | 48 |
1 files changed, 0 insertions, 48 deletions
diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch deleted file mode 100644 index 1e6bcbda52..0000000000 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch +++ /dev/null @@ -1,48 +0,0 @@ -From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001 -From: Wenzong Fan <wenzong.fan@windriver.com> -Date: Sat, 14 Nov 2015 02:01:54 -0500 -Subject: [PATCH] Port content spoofing fix - -Backport upstream commit for fixing CVE-2015-7873: - https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 - -Upstream-Status: Backport - -Signed-off-by: Marc Delisle <marc@infomarc.info> -Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> ---- - ChangeLog | 4 ++++ - url.php | 3 ++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/ChangeLog b/ChangeLog -index 4cb6708..96936c8 100644 ---- a/ChangeLog -+++ b/ChangeLog -@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog - - issue #11448 Clarify doc about the MemoryLimit directive - - issue #11489 Cannot copy a database under certain conditions - -+4.4.15.1 (2015-10-23) -+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system -+- issue [security] Content spoofing on url.php -+ - 4.4.15.0 (not yet released) - - issue #11411 Undefined "replace" function on numeric scalar - - issue #11421 Stored-proc / routine - broken parameter parsing -diff --git a/url.php b/url.php -index eec78a5..9c4c884 100644 ---- a/url.php -+++ b/url.php -@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url']) - } - </script>"; - // Display redirecting msg on screen. -- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url'])); -+ // Do not display the value of $_REQUEST['url'] to avoid showing injected content -+ echo __('Taking you to the target site.'); - } - die(); --- -1.9.1 - |