File _patchinfo of Package patchinfo.9304

<patchinfo incident="9304">
  <issue tracker="bnc" id="1119245">VUL-0: CVE-2018-19968, CVE-2018-19969, CVE-2018-19970: phpMyAdmin: multiple security issues fixed in 4.8.4</issue>
  <issue tracker="cve" id="2018-19969"/>
  <issue tracker="cve" id="2018-19968"/>
  <issue tracker="cve" id="2018-19970"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>ecsos</packager>
  <description>This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and improvements:

- Ensure that database names with a dot ('.') are handled properly when DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged
  when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer
    </description>
  <summary>Security update for phpMyAdmin</summary>
</patchinfo>