diff -Nru phpmyadmin-3.3.9/ChangeLog phpmyadmin-3.3.9.2/ChangeLog --- phpmyadmin-3.3.9/ChangeLog 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/ChangeLog 2011-02-11 17:56:49.000000000 +0000 @@ -5,6 +5,12 @@ $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +3.3.9.2 (2011-02-11) +- [security] SQL injection, see PMASA-2011-2 + +3.3.9.1 (2011-02-08) +- [security] Path disclosure, see PMASA-2011-1 + 3.3.9.0 (2011-01-03) - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand diff -Nru phpmyadmin-3.3.9/changelog.php phpmyadmin-3.3.9.2/changelog.php --- phpmyadmin-3.3.9/changelog.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/changelog.php 2011-02-11 17:56:49.000000000 +0000 @@ -15,13 +15,19 @@ /** * Read changelog. */ -if (substr(CHANGELOG_FILE, -3) == '.gz') { - ob_start(); - readgzfile(CHANGELOG_FILE); - $changelog = ob_get_contents(); - ob_end_clean(); +// Check if the Changelog file is available, some distributions remove these. +if (is_readable(CHANGELOG_FILE)) { + if (substr(CHANGELOG_FILE, -3) == '.gz') { + ob_start(); + readgzfile(CHANGELOG_FILE); + $changelog = ob_get_contents(); + ob_end_clean(); + } else { + $changelog = file_get_contents(CHANGELOG_FILE); + } } else { - $changelog = file_get_contents(CHANGELOG_FILE); + echo "The Changelog file is not available on this system, please visit www.phpmyadmin.net for more information."; + exit; } /** diff -Nru phpmyadmin-3.3.9/debian/changelog phpmyadmin-3.3.9.2/debian/changelog --- phpmyadmin-3.3.9/debian/changelog 2011-01-23 16:15:04.000000000 +0000 +++ phpmyadmin-3.3.9.2/debian/changelog 2011-02-18 05:35:41.000000000 +0000 @@ -1,8 +1,23 @@ -phpmyadmin (4:3.3.9-2~lucid1~ppa1) lucid; urgency=low +phpmyadmin (4:3.3.9.2-1~lucid1~ppa1) lucid; urgency=low * No-change backport to lucid - -- Micah Gersten Sun, 23 Jan 2011 10:15:04 -0600 + -- Micah Gersten Thu, 17 Feb 2011 23:35:41 -0600 + +phpmyadmin (4:3.3.9.2-1) unstable; urgency=high + + * New upstream security release. + - Fixes path disclossure (PMASA-2011-1, CVE-2011-0986). + - Fixes SQL injection (PMASA-2011-2, CVE-2011-0987). + * Fix path to example config files (Closes: #611311). + + -- Michal Čihař Sat, 12 Feb 2011 08:35:43 +0100 + +phpmyadmin (4:3.3.9-3) unstable; urgency=low + + * Upload to unstable. + + -- Michal Čihař Sun, 06 Feb 2011 12:41:31 +0100 phpmyadmin (4:3.3.9-2) experimental; urgency=low diff -Nru phpmyadmin-3.3.9/debian/conf/config.inc.php phpmyadmin-3.3.9.2/debian/conf/config.inc.php --- phpmyadmin-3.3.9/debian/conf/config.inc.php 2010-12-07 13:21:07.000000000 +0000 +++ phpmyadmin-3.3.9.2/debian/conf/config.inc.php 2011-02-09 09:42:51.000000000 +0000 @@ -5,7 +5,10 @@ * This file overrides the settings made by phpMyAdmin interactive setup * utility. * - * For example configuration see /usr/share/doc/phpmyadmin/examples/config.default.php.gz + * For example configuration see + * /usr/share/doc/phpmyadmin/examples/config.sample.inc.php + * or + * /usr/share/doc/phpmyadmin/examples/config.manyhosts.inc.php * * NOTE: do not add security sensitive data to this file (like passwords) * unless you really know what you're doing. If you do, any user that can diff -Nru phpmyadmin-3.3.9/Documentation.html phpmyadmin-3.3.9.2/Documentation.html --- phpmyadmin-3.3.9/Documentation.html 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/Documentation.html 2011-02-11 17:56:49.000000000 +0000 @@ -10,7 +10,7 @@ - phpMyAdmin 3.3.9 - Documentation + phpMyAdmin 3.3.9.2 - Documentation @@ -18,7 +18,7 @@ diff -Nru phpmyadmin-3.3.9/Documentation.txt phpmyadmin-3.3.9.2/Documentation.txt --- phpmyadmin-3.3.9/Documentation.txt 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/Documentation.txt 2011-02-11 17:56:49.000000000 +0000 @@ -1,4 +1,4 @@ -phpMyAdmin 3.3.9 Documentation +phpMyAdmin 3.3.9.2 Documentation * Top * Requirements diff -Nru phpmyadmin-3.3.9/import.php phpmyadmin-3.3.9.2/import.php --- phpmyadmin-3.3.9/import.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/import.php 2011-02-11 17:56:49.000000000 +0000 @@ -151,6 +151,7 @@ // Bookmark Support: get a query back from bookmark if required if (!empty($id_bookmark)) { + $id_bookmark = (int)$id_bookmark; require_once './libraries/bookmark.lib.php'; switch ($action_bookmark) { case 0: // bookmarked query that have to be run diff -Nru phpmyadmin-3.3.9/libraries/bookmark.lib.php phpmyadmin-3.3.9.2/libraries/bookmark.lib.php --- phpmyadmin-3.3.9/libraries/bookmark.lib.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/libraries/bookmark.lib.php 2011-02-11 17:56:49.000000000 +0000 @@ -95,12 +95,13 @@ * @param mixed the id of the bookmark to get * @param string which field to look up the $id * @param boolean TRUE: get all bookmarks regardless of the owning user + * @param boolean whether to ignore bookmarks with no user * * @return string the sql query * * @access public */ -function PMA_Bookmark_get($db, $id, $id_field = 'id', $action_bookmark_all = FALSE) +function PMA_Bookmark_get($db, $id, $id_field = 'id', $action_bookmark_all = FALSE, $exact_user_match = FALSE) { global $controllink; @@ -111,10 +112,18 @@ } $query = 'SELECT query FROM ' . PMA_backquote($cfgBookmark['db']) . '.' . PMA_backquote($cfgBookmark['table']) - . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\'' - . ($action_bookmark_all? '' : ' AND (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\'' - . ' OR user = \'\')') - . ' AND ' . PMA_backquote($id_field) . ' = ' . $id; + . ' WHERE dbase = \'' . PMA_sqlAddslashes($db) . '\''; + + if (!$action_bookmark_all) { + $query .= ' AND (user = \'' . PMA_sqlAddslashes($cfgBookmark['user']) . '\''; + if (!$exact_user_match) { + $query .= ' OR user = \'\''; + } + $query .= ')'; + } + + $query .= ' AND ' . PMA_backquote($id_field) . ' = ' . $id; + return PMA_DBI_fetch_value($query, 0, 0, $controllink); } // end of the 'PMA_Bookmark_get()' function diff -Nru phpmyadmin-3.3.9/libraries/Config.class.php phpmyadmin-3.3.9.2/libraries/Config.class.php --- phpmyadmin-3.3.9/libraries/Config.class.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/libraries/Config.class.php 2011-02-11 17:56:49.000000000 +0000 @@ -92,7 +92,7 @@ */ function checkSystem() { - $this->set('PMA_VERSION', '3.3.9'); + $this->set('PMA_VERSION', '3.3.9.2'); /** * @deprecated */ diff -Nru phpmyadmin-3.3.9/license.php phpmyadmin-3.3.9.2/license.php --- phpmyadmin-3.3.9/license.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/license.php 2011-02-11 17:56:49.000000000 +0000 @@ -19,5 +19,14 @@ * */ header('Content-type: text/plain; charset=iso-8859-1'); -readfile(LICENSE_FILE); + +$filename = LICENSE_FILE; + +// Check if the file is available, some distributions remove these. +if (is_readable($filename)) { + readfile($filename); +} else { + echo "The $filename file is not available on this system, please visit www.phpmyadmin.net for more information."; +} + ?> diff -Nru phpmyadmin-3.3.9/README phpmyadmin-3.3.9.2/README --- phpmyadmin-3.3.9/README 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/README 2011-02-11 17:56:49.000000000 +0000 @@ -5,8 +5,8 @@ A set of PHP-scripts to manage MySQL over the web. - Version 3.3.9 - ------------- + Version 3.3.9.2 + --------------- http://www.phpmyadmin.net/ Copyright (C) 1998-2000 Tobias Ratschiller diff -Nru phpmyadmin-3.3.9/RELEASE-DATE-3.3.9 phpmyadmin-3.3.9.2/RELEASE-DATE-3.3.9 --- phpmyadmin-3.3.9/RELEASE-DATE-3.3.9 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/RELEASE-DATE-3.3.9 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -Mon Jan 3 12:06:58 UTC 2011 diff -Nru phpmyadmin-3.3.9/RELEASE-DATE-3.3.9.2 phpmyadmin-3.3.9.2/RELEASE-DATE-3.3.9.2 --- phpmyadmin-3.3.9/RELEASE-DATE-3.3.9.2 1970-01-01 00:00:00.000000000 +0000 +++ phpmyadmin-3.3.9.2/RELEASE-DATE-3.3.9.2 2011-02-11 17:56:49.000000000 +0000 @@ -0,0 +1 @@ +Fri Feb 11 17:56:49 UTC 2011 diff -Nru phpmyadmin-3.3.9/sql.php phpmyadmin-3.3.9.2/sql.php --- phpmyadmin-3.3.9/sql.php 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/sql.php 2011-02-11 17:56:49.000000000 +0000 @@ -54,7 +54,7 @@ if (empty($sql_query) && strlen($table) && strlen($db)) { require_once './libraries/bookmark.lib.php'; $book_sql_query = PMA_Bookmark_get($db, '\'' . PMA_sqlAddslashes($table) . '\'', - 'label'); + 'label', FALSE, TRUE); if (! empty($book_sql_query)) { $sql_query = $book_sql_query; diff -Nru phpmyadmin-3.3.9/translators.html phpmyadmin-3.3.9.2/translators.html --- phpmyadmin-3.3.9/translators.html 2011-01-03 12:06:59.000000000 +0000 +++ phpmyadmin-3.3.9.2/translators.html 2011-02-11 17:56:49.000000000 +0000 @@ -11,7 +11,7 @@ - phpMyAdmin 3.3.9 - Official translators + phpMyAdmin 3.3.9.2 - Official translators @@ -19,7 +19,7 @@