File _patchinfo of Package patchinfo.3288

<patchinfo incident="3288">
  <issue id="908364" tracker="bnc">VUL-0: CVE-2014-9219: phpMyAdmin: XSS vulnerability in redirection mechanism</issue>
  <issue id="908363" tracker="bnc">VUL-0: CVE-2014-9218: phpMyAdmin: DoS vulnerability with long passwords</issue>
  <issue id="CVE-2014-9218" tracker="cve" />
  <issue id="CVE-2014-9219" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>
phpMyAdmin on openSUSE 12.3 and 13.1 was updated to 4.1.14.8.
This update fixes one vulnerability.
- Security fixes:
  * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
    - sf#4611 [security] DOS attack with long passwords

phpMyAdmin on openSUSE 13.2 was updated to 4.2.13.1 (2014-12-03)
- Security fixes:
  * PMASA-2014-18 (CVE-2014-9219, CWE-661 CWE-79) [boo#908364]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
    - sf#4612 [security] XSS vulnerability in redirection mechanism
  * PMASA-2014-17 (CVE-2014-9218, CWE-661 CWE-400) [boo#908363]
    http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
    - sf#4611 [security] DOS attack with long passwords
- Bugfixes:
  - sf#4604 Query history not being deleted
  - sf#4057 db/table query string parameters no longer work
  - sf#4605 Unseen messages in tracking
  - sf#4606 Tracking report export as SQL dump does not work
  - sf#4607 Syntax error during db_copy operation
  - sf#4608 SELECT permission issues with relations and restricted 
    access
</description>
  <summary>Security update for phpMyAdmin</summary>
</patchinfo>
openSUSE Build Service is sponsored by