K 10
svn:author
V 7
matthew
K 8
svn:date
V 27
2016-01-28T07:37:59.810001Z
K 7
svn:log
V 1659
Security Update to 4.5.4

This is a combination of feature- and security- updates.  The PMA
project has not yet published the relevant advisories, so there is
very little information available about what the vulnerabilities are
and what versions they affect.  PMSA-2016-1 to PMSA-2016-9 are
expected to be available at https://www.phpmyadmin.net/security/
shortly.

  [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
  [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
  [Security] XSS vulnerability in normalization page, see PMASA-2016-7
  [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
  [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

VuXML entries to follow once the advisories are available.

ChangeLog:	https://www.phpmyadmin.net/files/4.5.4/
MFH:		2016Q1
Security:	https://www.phpmyadmin.net/security/PMASA-2016-1/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-2/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-3/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-4/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-5/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-6/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-7/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-8/
Security:	https://www.phpmyadmin.net/security/PMASA-2016-9/

END