Overview

File _patchinfo of Package patchinfo.14795

<patchinfo incident="14795">
  <issue tracker="bnc" id="1177842">phpMyAdmin 4.9.6 PHP compatibility issues and broken 2FA</issue>
  <issue tracker="bnc" id="1177562">VUL-0: CVE-2020-26935: phpMyAdmin: SQL injection vulnerability in SearchController (PMASA-2020-6)</issue>
  <issue tracker="bnc" id="1167336">VUL-0: CVE-2020-10802: phpMyAdmin: SQL injection relating to searching (PMASA-2020-3)</issue>
  <issue tracker="bnc" id="1167335">VUL-0: CVE-2020-10804: phpMyAdmin: SQL injection with processing username (PMASA-2020-2)</issue>
  <issue tracker="bnc" id="1177561">VUL-0: CVE-2020-26934: phpMyAdmin: XSS relating to the transformation feature</issue>
  <issue tracker="bnc" id="1167337">VUL-0: CVE-2020-10803: phpMyAdmin: SQL injection relating to data display (PMASA-2020-4)</issue>
  <issue tracker="cve" id="2020-26934"/>
  <issue tracker="cve" id="2020-10803"/>
  <issue tracker="cve" id="2020-10802"/>
  <issue tracker="cve" id="2020-26935"/>
  <issue tracker="cve" id="2020-10804"/>
  <packager>computersalat</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for phpMyAdmin</summary>
  <description>This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 4.9.7 (boo#1177842):
  * Fix two factor authentication that was broken in 4.9.6
  * Fix incompatibilities with older PHP versions

Update to 4.9.6:

- Fixed XSS relating to the transformation feature (boo#1177561 CVE-2020-26934, PMASA-2020-5)
- Fixed SQL injection vulnerability in SearchController (boo#1177562 CVE-2020-26935, PMASA-2020-6) 

Update to 4.9.5:

This is a security release containing several bug fixes.

  * CVE-2020-10804: SQL injection vulnerability in the user
    accounts page, particularly when changing a password
    (boo#1167335, PMASA-2020-2)
  * CVE-2020-10802: SQL injection vulnerability relating to the
    search feature (boo#1167336, PMASA-2020-3)
  * CVE-2020-10803: SQL injection and XSS having to do with
    displaying results (boo#1167337, PMASA-2020-4)
  * Removing of the "options" field for the external
    transformation.
  
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places