Hello community, here is the log from the commit of package phpMyAdmin for openSUSE:Factory checked in at 2019-07-01 10:44:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/phpMyAdmin (Old) and /work/SRC/openSUSE:Factory/.phpMyAdmin.new.4615 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "phpMyAdmin" Mon Jul 1 10:44:30 2019 rev:158 rq:712644 version:4.9.0.1 Changes: -------- --- /work/SRC/openSUSE:Factory/phpMyAdmin/phpMyAdmin.changes 2019-06-06 18:18:10.656671001 +0200 +++ /work/SRC/openSUSE:Factory/.phpMyAdmin.new.4615/phpMyAdmin.changes 2019-07-01 10:44:30.809491035 +0200 @@ -1,0 +2,7 @@ +Sun Jun 30 13:05:23 UTC 2019 - chris@computersalat.de + +- fix changelog + * add missing boo# with relation to CVE and PMASA +- rebase phpMyAdmin-config.patch + +------------------------------------------------------------------- @@ -5,4 +11,0 @@ - * CVE-2019-11768: PMASA-2019-3 is an SQL injection flaw in the - Designer feature - * CVE-2019-12616: PMASA-2019-4 is a CSRF attack that's possible - through the 'cookie' login form @@ -26,0 +30,8 @@ +- fix for boo#1137497 + * PMASA-2019-4 (CVE-2019-12616, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-4/ + - CSRF vulnerability in login form +- fix for boo#1137496 + * PMASA-2019-3 (CVE-2019-11768, CWE-661) + https://www.phpmyadmin.net/security/PMASA-2019-3/ + - SQL injection in Designer feature ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ phpMyAdmin-config.patch ++++++ --- /var/tmp/diff_new_pack.npvkQo/_old 2019-07-01 10:44:32.969494561 +0200 +++ /var/tmp/diff_new_pack.npvkQo/_new 2019-07-01 10:44:32.981494580 +0200 @@ -250,7 +250,7 @@ =================================================================== --- libraries/vendor_config.php.orig +++ libraries/vendor_config.php -@@ -17,25 +17,25 @@ if (! defined('PHPMYADMIN')) { +@@ -28,25 +28,25 @@ define('TEMP_DIR', './tmp/'); * Path to changelog file, can be gzip compressed. Useful when you want to * have documentation somewhere else, eg. /usr/share/doc. */