-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 3.0 (quilt) Source: phpmyadmin Binary: phpmyadmin Architecture: all Version: 4:4.2.12-2+deb8u1 Maintainer: Thijs Kinkhorst <[email protected]> Uploaders: Michal Čihař <[email protected]> Homepage: http://www.phpmyadmin.net/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/phpmyadmin.git Vcs-Git: git://anonscm.debian.org/collab-maint/phpmyadmin.git Build-Depends: debhelper (>= 9), python-sphinx, po-debconf Package-List: phpmyadmin deb web extra Checksums-Sha1: a1111cb2bfec0f1dfb762009a324ab93d451c82c 5203736 phpmyadmin_4.2.12.orig.tar.xz eeab422d2803fe81ab844ef846ee10fbbf54d6aa 62008 phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz Checksums-Sha256: 29a5d980ca16f0ee20437f3e01e2ab553041ccf422221ebe26fb18f11261d74a 5203736 phpmyadmin_4.2.12.orig.tar.xz 3d357fe1a9678f02547d2b8b2f929095d01388320c63ef169378a5fa547cfc99 62008 phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz Files: 2d12dce0a405db30509793720d1034e3 5203736 phpmyadmin_4.2.12.orig.tar.xz 2bc1e5d31e9b17c7a171d6a3b1ec18cc 62008 phpmyadmin_4.2.12-2+deb8u1.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJWMP64AAoJEFb2GnlAHawEe4MH/0kW0v2P3/h5NsIrBkE3lzPC HK62LgukIzptW6zXlkBrAUE7CUqierxLhOyvqT1R3oIdB/gKarz47d0dG5gN/JWL VQvMnjYOCDOd26zHrUGnM6A+exNmzkredEiMbZExU5gIYErULEDImgBLUxgjp/Bp qPOnfk38nflml2tpWOawWNLySlvOHvyimWlsT+nruagAI2XaTlARF9eF2+sQNEDD gXwHL81XgjMkTErEj/fLIL/FjiM20HbrOhBzJjRxFDkC7HeujvEOK44Sehl2T49J K99N9apDRtejwusqMciRNnna0m9Fgr+/dmdFvYX2srGFkhcLXRPrQQeVnL0twxo= =r5oq -----END PGP SIGNATURE----- Changes: phpmyadmin (4:4.2.12-2+deb8u1) jessie-security; urgency=high * Fix several security: - CVE-2015-2206: Risk of BREACH attack due to reflected parameter. - CVE-2015-3902: XSRF/CSRF vulnerability in phpMyAdmin setup. - CVE-2015-3903: Vulnerability allowing man-in-the-middle attack on API call to GitHub. - CVE-2015-6830: Vulnerability that allows bypassing the reCaptcha test. - CVE-2015-7873: Content spoofing vulnerability when redirecting user to an external site. -- Thijs Kinkhorst <[email protected]> Wed, 28 Oct 2015 17:40:23 +0100