[3.4] phpmyadmin: Multiple issues (CVE-2016-5702, CVE-2016-5704, CVE-2016-5732)
CVE-2016-5702: Cookie attribute injection attack
Affected Versions
All 4.6.x versions (prior to 4.6.3) are affected
Upgrade to phpMyAdmin 4.6.3 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-18/
CVE-2016-5704: XSS on table structure page
Affected Versions
All 4.6.x versions (prior to 4.6.3) are affected
Upgrade to phpMyAdmin 4.6.3 or newer.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-20/
CVE-2016-5732: XSS in partition range functionality
Affected Versions
All 4.6.x versions (prior to 4.6.3) are affected
Upgrade to phpMyAdmin 4.6.3 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-25/
(from redmine: issue id 5841, created on 2016-06-29, closed on 2016-07-07)
- Relations:
- parent #5839 (closed)
- Changesets:
- Revision d2d2e0c5 on 2016-07-05T09:59:55Z:
main/phpmyadmin: security upgrade to 4.6.3
Fixes #5835
Fixes #5841
(cherry picked from commit b7fe97070a08fd6ce1a9012bcc6c2834ea309725)