Overview Details

File _patchinfo of Package patchinfo

<patchinfo incident="12206">
  <issue tracker="cve" id="2020-10803"/>
  <issue tracker="cve" id="2020-10804"/>
  <issue tracker="cve" id="2020-10802"/>
  <issue tracker="bnc" id="1167337">VUL-0: CVE-2020-10803: phpMyAdmin: SQL injection relating to data display (PMASA-2020-4)</issue>
  <issue tracker="bnc" id="1167335">VUL-0: CVE-2020-10804: phpMyAdmin: SQL injection with processing username (PMASA-2020-2)</issue>
  <issue tracker="bnc" id="1167336">VUL-0: CVE-2020-10802: phpMyAdmin: SQL injection relating to searching (PMASA-2020-3)</issue>
  <packager>AndreasStieger</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for phpMyAdmin</summary>
  <description>This update for phpMyAdmin to version 4.9.5 fixes the following issues:

- phpmyadmin was updated to 4.9.5: 

- CVE-2020-10804: Fixed an SQL injection in the user accounts page, 
  particularly when changing a password (boo#1167335 PMASA-2020-2).
- CVE-2020-10802: Fixed an SQL injection in the search feature 
  (boo#1167336 PMASA-2020-3).
- CVE-2020-10803: Fixed an SQL injection and XSS when displaying 
  results (boo#1167337 PMASA-2020-4).
- Removed the "options" field for the external transformation.

This update was imported from the openSUSE:Leap:15.1:Update update project.</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places