diff -Nru phpmyadmin-3.4.10/ChangeLog phpmyadmin-3.4.10.1/ChangeLog
--- phpmyadmin-3.4.10/ChangeLog 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/ChangeLog 2012-02-18 12:26:45.000000000 +0000
@@ -1,6 +1,9 @@
 phpMyAdmin - ChangeLog
 ======================
+3.4.10.1 (2012-02-18)
+- [security] XSS in replication setup, see PMASA-2012-1
+
 3.4.10.0 (2012-02-14)
 - bug #3460090 [interface] TextareaAutoSelect feature broken
 - patch #3375984 [export] PHP Array export might generate invalid php code
diff -Nru phpmyadmin-3.4.10/debian/changelog phpmyadmin-3.4.10.1/debian/changelog
--- phpmyadmin-3.4.10/debian/changelog 2012-02-14 19:30:57.000000000 +0000
+++ phpmyadmin-3.4.10.1/debian/changelog 2012-02-19 13:21:29.000000000 +0000
@@ -1,3 +1,10 @@
+phpmyadmin (4:3.4.10.1-1) unstable; urgency=low
+
+ * New upstream release.
+ - Fixes rather hypothetical XSS (CVE-2012-1190).
+
+ -- Thijs Kinkhorst Sun, 19 Feb 2012 13:20:49 +0000
+
 phpmyadmin (4:3.4.10-1) unstable; urgency=low
 * New upstream release.
diff -Nru phpmyadmin-3.4.10/Documentation.html phpmyadmin-3.4.10.1/Documentation.html
--- phpmyadmin-3.4.10/Documentation.html 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/Documentation.html 2012-02-18 12:26:45.000000000 +0000
@@ -9,7 +9,7 @@
- phpMyAdmin 3.4.10 - Documentation
+ phpMyAdmin 3.4.10.1 - Documentation
@@ -17,7 +17,7 @@
diff -Nru phpmyadmin-3.4.10/Documentation.txt phpmyadmin-3.4.10.1/Documentation.txt
--- phpmyadmin-3.4.10/Documentation.txt 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/Documentation.txt 2012-02-18 12:26:45.000000000 +0000
@@ -1,4 +1,4 @@
-phpMyAdmin 3.4.10 Documentation
+phpMyAdmin 3.4.10.1 Documentation
 * Top
 * Requirements
diff -Nru phpmyadmin-3.4.10/js/replication.js phpmyadmin-3.4.10.1/js/replication.js
--- phpmyadmin-3.4.10/js/replication.js 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/js/replication.js 2012-02-18 12:26:45.000000000 +0000
@@ -1,4 +1,4 @@ -var random_server_id=Math.floor(Math.random()*1E7),conf_prefix="server-id="+random_server_id+"
log-bin=mysql-bin
log-error=mysql-bin.err
"; -function update_config(){var a=$("#db_select option:selected:first").val();$("#db_select option:selected:not(:first)").each(function(){a+=","+$(this).val()});if($("#db_select option:selected").size()==0)$("#rep").html(conf_prefix);else $("#db_type option:selected").val()=="all"?$("#rep").html(conf_prefix+"binlog_ignore_db="+a):$("#rep").html(conf_prefix+"binlog_do_db="+a)} -$(document).ready(function(){$("#rep").html(conf_prefix);$("#db_type").change(update_config);$("#db_select").change(update_config);$("#master_status_href").click(function(){$("#replication_master_section").toggle()});$("#master_slaves_href").click(function(){$("#replication_slaves_section").toggle()});$("#slave_status_href").click(function(){$("#replication_slave_section").toggle()});$("#slave_control_href").click(function(){$("#slave_control_gui").toggle()});$("#slave_errormanagement_href").click(function(){$("#slave_errormanagement_gui").toggle()}); +var random_server_id=Math.floor(Math.random()*1E7),conf_prefix="server-id="+random_server_id+"\nlog-bin=mysql-bin\nlog-error=mysql-bin.err\n"; +function update_config(){var a=$("#db_select option:selected:first").val();$("#db_select option:selected:not(:first)").each(function(){a+=","+$(this).val()});if($("#db_select option:selected").size()==0)$("#rep").text(conf_prefix);else $("#db_type option:selected").val()=="all"?$("#rep").text(conf_prefix+"binlog_ignore_db="+a):$("#rep").text(conf_prefix+"binlog_do_db="+a)} 
+$(document).ready(function(){$("#rep").text(conf_prefix);$("#db_type").change(update_config);$("#db_select").change(update_config);$("#master_status_href").click(function(){$("#replication_master_section").toggle()});$("#master_slaves_href").click(function(){$("#replication_slaves_section").toggle()});$("#slave_status_href").click(function(){$("#replication_slave_section").toggle()});$("#slave_control_href").click(function(){$("#slave_control_gui").toggle()});$("#slave_errormanagement_href").click(function(){$("#slave_errormanagement_gui").toggle()}); $("#slave_synchronization_href").click(function(){$("#slave_synchronization_gui").toggle()});$("#db_reset_href").click(function(){$("#db_select option:selected").attr("selected",false)})});
diff -Nru phpmyadmin-3.4.10/libraries/Config.class.php phpmyadmin-3.4.10.1/libraries/Config.class.php
--- phpmyadmin-3.4.10/libraries/Config.class.php 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/libraries/Config.class.php 2012-02-18 12:26:45.000000000 +0000
@@ -96,7 +96,7 @@
 */
 function checkSystem()
 {
- $this->set('PMA_VERSION', '3.4.10');
+ $this->set('PMA_VERSION', '3.4.10.1');
 /**
 * @deprecated
 */
diff -Nru phpmyadmin-3.4.10/README phpmyadmin-3.4.10.1/README
--- phpmyadmin-3.4.10/README 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/README 2012-02-18 12:26:45.000000000 +0000
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
-Version 3.4.10
+Version 3.4.10.1
 A set of PHP-scripts to manage MySQL over the web.
diff -Nru phpmyadmin-3.4.10/RELEASE-DATE-3.4.10 phpmyadmin-3.4.10.1/RELEASE-DATE-3.4.10
--- phpmyadmin-3.4.10/RELEASE-DATE-3.4.10 2012-02-14 16:38:14.000000000 +0000
+++ phpmyadmin-3.4.10.1/RELEASE-DATE-3.4.10 1970-01-01 00:00:00.000000000 +0000
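Review bot: The `\n` separators now used in `conf_prefix` (js/replication.js hunk) only show as separate lines if `#rep` is a `<pre>` or is styled `white-space: pre`; the markup for `#rep` is not in this diff, so that needs confirming, otherwise the generated config snippet collapses onto one line when it is displayed and copied. The switch to `.text()` in `update_config()` and the ready handler closes only the client-side sink for the `#db_select` option values, so the server-side code that emits those `<option>` elements (outside this diff) should be checked to HTML-escape database names too. Only the minified file is patched here; if the tree also carries an unminified source of replication.js, it presumably needs the same `.html()` to `.text()` change. A regression test asserting that a database name containing markup is rendered as literal text in `#rep` would keep the fix from being silently reverted.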
@@ -1 +0,0 @@
-Tue Feb 14 16:37:02 UTC 2012
diff -Nru phpmyadmin-3.4.10/RELEASE-DATE-3.4.10.1 phpmyadmin-3.4.10.1/RELEASE-DATE-3.4.10.1
--- phpmyadmin-3.4.10/RELEASE-DATE-3.4.10.1 1970-01-01 00:00:00.000000000 +0000
+++ phpmyadmin-3.4.10.1/RELEASE-DATE-3.4.10.1 2012-02-18 12:26:45.000000000 +0000
@@ -0,0 +1 @@
+Sat Feb 18 12:25:36 UTC 2012