Hi Antoine,
Thank you for the feedback! I've also performed some tests (I sent an
email about that almost at the same time as you :) and came up to the
same result.
After your report I'll upload the package now.
Cheers.
On 2/1/19 5:31 PM, Antoine Beaupré wrote:
> Hi,
>
> I've reviewed both patc
Hi,
I've performed some tests with the package and I didn't face any issue.
I created some databases and tables using different MIME types trying to
exercise some transformations (the core of the modifications in this
update). I'll upload the package tomorrow in case Hugo or others want
also to te
Hi,
I've reviewed both patches and they look sane. I did some smoke tests on
the package (installed it and mariadb in a VM) and it seems to run
okay. I also did an naive attempt at exploiting CVE-2018-19970 but
couldn't succeed, which can either mean I failed or the flaw is
fixed. :)
Good job,
A
Hugo,
I just uploaded a new package fixing the issue that you pointed out here
again: https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
I didn't perform any new testing yet, I want to do it soon. But if you
could have a try again it would be great.
Cheers.
On 1/29/19 11:37 AM, Hugo Le
Hi Lucas,
> Great, sorry for being a victim of my lack of attention... I've never
> used phpmyadmin (that's why I requested some testing) and my local tests
> were so basic that they didn't catch this issue. Shame on me.
That's fine, main thing is issues have been found before upload :)
> I'll
Hi Hugo,
On 1/28/19 6:40 AM, Hugo Lefeuvre wrote:
> Hi Lucas,
>
> Sorry for the late answer.
Do not worry.
> I had an issue with your patch and took a while to find out what was going
> wrong.
>
> This update broke table creation...
>
>> +--- a/libraries/transformations.lib.php
>> b/libraries
Hi Lucas,
Sorry for the late answer.
I had an issue with your patch and took a while to find out what was going
wrong.
This update broke table creation...
> +--- a/libraries/transformations.lib.php
> b/libraries/transformations.lib.php
> +@@ -145,9 +145,10 @@ function PMA_getTransformation
Hi Lucas,
> I uploaded version 4.2.12-2+deb8u4 of phpmyadmin to:
>
> https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
>
> It has patches fixing CVE-2018-19968 and CVE-2018-19970. I did not have
> the time to determine whether jessie is affected by CVE-2018-19969
> (requested by sunwea
Hi,
I uploaded version 4.2.12-2+deb8u4 of phpmyadmin to:
https://people.debian.org/~kanashiro/jessie_lts/phpmyadmin/
It has patches fixing CVE-2018-19968 and CVE-2018-19970. I did not have
the time to determine whether jessie is affected by CVE-2018-19969
(requested by sunweaver), I did some sup
