Overview

File _patchinfo of Package patchinfo.5278

<patchinfo incident="5278">
  <issue id="986154" tracker="bnc">VUL-0: phpMyAdmin: new releases June 2016</issue>
  <issue id="2016-5706" tracker="cve" />
  <issue id="2016-5733" tracker="cve" />
  <issue id="2016-5731" tracker="cve" />
  <issue id="2016-5705" tracker="cve" />
  <issue id="2016-5703" tracker="cve" />
  <issue id="2016-5701" tracker="cve" />
  <issue id="2016-5730" tracker="cve" />
  <issue id="2016-5739" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>computersalat</packager>
  <description>phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues.

These security issues were fixed:
- CVE-2016-5701: BBCode injection vulnerability (boo#986154)
- CVE-2016-5703: SQL injection attack (boo#986154)
- CVE-2016-5705: Multiple XSS vulnerabilities (boo#986154)
- CVE-2016-5706: DOS attack (boo#986154)
- CVE-2016-5730: Multiple full path disclosure vulnerabilities (boo#986154)
- CVE-2016-5731: XSS through FPD (boo#986154)
- CVE-2016-5733: Multiple XSS vulnerabilities (boo#986154)
- CVE-2016-5739: Referrer leak in transformations (boo#986154)

This non-security issues was fixed:
- Fix issue Setup script doesn't use input type 'password' in all relevant locations
</description>
  <summary>Security update for phpMyAdmin</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places