Hi, I've reviewed both patches and they look sane. I did some smoke tests on the package (installed it and mariadb in a VM) and it seems to run okay. I also did an naive attempt at exploiting CVE-2018-19970 but couldn't succeed, which can either mean I failed or the flaw is fixed. :)
Good job, A. On 2019-01-29 15:27:59, Lucas Kanashiro wrote: > Hugo, > > I just uploaded a new package fixing the issue that you pointed out here > again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/ > > I didn't perform any new testing yet, I want to do it soon. But if you > could have a try again it would be great. > > Cheers. > > On 1/29/19 11:37 AM, Hugo Lefeuvre wrote: >> Hi Lucas, >> >>> Great, sorry for being a victim of my lack of attention... I've never >>> used phpmyadmin (that's why I requested some testing) and my local tests >>> were so basic that they didn't catch this issue. Shame on me. >> That's > >> fine, main thing is issues have been found before upload :) >> >>> I'll fix it and perform some tests. Thanks for the review and the time >>> that you spent on this. >> I am available for testing the updated package if needed. >> >> cheers, >> Hugo >> > -- > Lucas Kanashiro -- Drowning people Sometimes die Fighting their rescuers. - Octavia Butler
