Login
Newsletter
Werbung

Sicherheit: Cross-Site Scripting in php-udan11-sql-parser
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in php-udan11-sql-parser
ID: FEDORA-2015-17908c56c1
Distribution: Fedora
Plattformen: Fedora 22
Datum: Sa, 31. Oktober 2015, 10:14
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7873
Applikationen: php-udan11-sql-parser

Originalnachricht

Name        : php-udan11-sql-parser
Product : Fedora 22
Version : 3.0.4
Release : 1.fc22
URL : https://github.com/udan11/sql-parser
Summary : A validating SQL lexer and parser with a focus on MySQL dialect
Description :
A validating SQL lexer and parser with a focus on MySQL dialect.

This library was originally developed for phpMyAdmin during
the Google Summer of Code 2015.

To use this library, you just have to add, in your project:
require_once '/usr/share/php/SqlParser/autoload.php';

-------------------------------------------------------------------------------
-
Update Information:

phpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid
argument supplied for foreach() - array_key_exists() expects parameter 2 to be
array - Notice Undefined index: drop_database - Server variable edition in
ANSI_QUOTES sql_mode: losing current value - Propose table structure broken -
phpMyAdmin suggests upgrading to newer version not usable on that system -
'PMA_Microhistory' is undefined - Incorrect definition for
getTablesWhenOpen() -
Error when creating new user on MariaDB 10.0.21 - Notice on htmlspecialchars()
-
Notice in Structure page of views - AUTO_INCREMENT always exported when IF NOT
EXISTS is on - Some partitions are missing in copied table - Notice of
undefined
variable when performing SHOW CREATE - Error exporting sql query results with
table alias - SQL editing window does not recognise 'OUTER' keyword in
'LEFT
OUTER JOIN' - "NOT IN" clause not recognized (MySQL 5.6 and 5.7) -
Yellow star
does not change in database Structure after add/remove from favorites - Invalid
SQL in table definition when exporting table - Foreign key to other
database's
tables fails - Bug while exporting results when a joined table field name is in
SELECT query - Strange behavior on table rename - Rename table does not result
in refresh in left panel - Missing arguments for PMA_Table::generateAlter() -
Notices about undefined indexes on structure pages of information_schema tables
- Change minimum PHP version for Composer - Import parser and backslash -
"Visualize GIS data" seems to be broken - Confirm box on "Reset
slave" option -
Fix cookies clearing on version change - Cannot execute SQL with subquery -
Incorrect syntax creating a user using mysql_native_password with MariaDB -
Cannot use third party auth plugins
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1275108 - CVE-2015-7873 phpMyAdmin: Content spoofing on url.php
(PMASA-2015-5)
https://bugzilla.redhat.com/show_bug.cgi?id=1275108
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php-udan11-sql-parser' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung