phpmyadmin: fix for Security Advisory CVE-2014-5273

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273

Signed-off-by: Roy Li <rongqing.li@windriver.com>
Roy Li 2014-10-30 13:37:25 +08:00 committed by Paul Eggleton
parent a4fd0b3410
commit 780fb7c811
2 changed files with 30 additions and 0 deletions


@ -0,0 +1,29 @@
From 90ddeecf60fc029608b972e490b735f3a65ed0cb Mon Sep 17 00:00:00 2001
From: Madhura Jayaratne <madhura.cj@gmail.com>
Date: Sun, 17 Aug 2014 08:52:05 -0400
Subject: [PATCH] bug #4504 [security] Self-XSS in query charts
Upstream-status: Backport
Signed-off-by: Marc Delisle <marc@infomarc.info>
---
js/tbl_chart.js | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
4.2.7.0 (2014-07-31)
diff --git a/js/tbl_chart.js b/js/tbl_chart.js
index 943d4ae..04c9c40 100644
--- a/js/tbl_chart.js
+++ b/js/tbl_chart.js
@@ -47,7 +47,7 @@ function PMA_queryChart(data, columnNames, settings) {
},
axes : {
xaxis : {
- label : settings.xaxisLabel
+ label : escapeHtml(settings.xaxisLabel)
},
yaxis : {
label : settings.yaxisLabel
--
1.7.10.4
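Review bot: The y-axis label on the line right after the changed one, `label : settings.yaxisLabel`, is still handed to the chart unescaped while only `settings.xaxisLabel` gains `escapeHtml()`; if both labels are populated from the same user-editable chart form (not visible in this backport), the y-axis needs `label : escapeHtml(settings.yaxisLabel)` for the same reason, so confirm against the upstream tbl_chart.php/js before treating bug #4504 as fully closed by this hunk. The patch header also spells the tag `Upstream-status: Backport` with a lowercase "s", whereas the OE patch-checking tooling matches on `Upstream-Status:`, and a `CVE: CVE-2014-5273` trailer would let CVE tracking pick the backport up if the layer's conventions call for it. The preamble says "2 files changed" but only the js/tbl_chart.js diff is present and a stray `4.2.7.0 (2014-07-31)` ChangeLog line is left behind at the top; dropping the stale ChangeLog residue and diffstat keeps the backport honest. The enclosing PMA_queryChart function starts and ends outside the hunk.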


@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=eb723b61539feef013de476e68b5c50a \
file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"
SRC_URI = "${SOURCEFORGE_MIRROR}/phpmyadmin/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
file://0001-bug-4504-security-Self-XSS-in-query-charts.patch \
file://apache.conf"
SRC_URI[md5sum] = "0dcd755450dac819f33502590c88ad29"
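Review bot: The single patch added to SRC_URI covers only the query-charts vector (js/tbl_chart.js), yet CVE-2014-5273 as quoted in the commit message also lists fixes in js/sql.js, js/functions.js, js/server_status_monitor.js and libraries/tbl_relation.lib.php, so after this change the recipe remains exposed to four of the five reported XSS paths. Either the remaining upstream commits for the fixed release matching `${PV}` (4.0.10.2, 4.1.14.3 or 4.2.7.1 — the version is not visible here) should be backported alongside this one, or the recipe should be bumped to that fixed release, which also removes the need for carrying local patches. At minimum the commit title should say the fix is partial so the CVE is not marked resolved prematurely.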