--- - branch: MAIN date: Thu Jul 17 15:55:16 UTC 2008 files: - new: '1.73' old: '1.72' path: pkgsrc/databases/phpmyadmin/Makefile pathrev: pkgsrc/databases/phpmyadmin/Makefile@1.73 type: modified - new: '1.36' old: '1.35' path: pkgsrc/databases/phpmyadmin/distinfo pathrev: pkgsrc/databases/phpmyadmin/distinfo@1.36 type: modified id: 20080717T155516Z.f822f4046e53db547ccb9a521e12ddd9c9e33dc8 log: | Updatep "phpmyadmin" package to version 2.11.7.1. Changes since 2.11.7: - bug #1908719 [interface] New field cannot be auto-increment and primary key - [dbi] Incorrect interpretation for some mysqli field flags - bug #1910621 [display] part 1: do not display a TEXT utf8_bin as BLOB (fixed for mysqli extension only) - [interface] sanitize the after_field parameter, thanks to Norman Hippert - [structure] do not remove the BINARY attribute in drop-down - bug #1955386 [session] Overriding session.hash_bits_per_character - [interface] sanitize the table comments in table print view, thanks to Norman Hippert - bug #1939031 Auto_Increment selected for TimeStamp by Default - patch #1957998 [display] No tilde for InnoDB row counter when we know it for sure, thanks to Vladyslav Bakayev - dandy76 - bug #1955572 [display] alt text causes duplicated strings - bug #1762029 [interface] Cannot upload BLOB into existing row - bug #1981043 [export] HTML in exports getting corrupted, thanks to Jason Judge - jasonjudge - bug #1936761 [interface] BINARY not treated as BLOB: update/delete issues - protection against XSS when register_globals is on and .htaccess has no effect, thanks to Tim Starling - bug #1996943 [export] Firefox 3 and .sql.gz (corrupted); detect Gecko 1.9, thanks to Juergen Wind - (2.11.7.1) [security] XSRF/CSRF by manipulating the db, convcharset and collation_connection parameters, thanks to YGN Ethical Hacker Group This update fixes the security vulnerability reported in PMASA-2008-5. module: pkgsrc subject: 'CVS commit: pkgsrc/databases/phpmyadmin' unixtime: '1216310116' user: tron