FEDORA-EPEL-2014-1940 created by robert 8 years ago for Fedora EPEL 6

phpMyAdmin (2014-07-17)

  • XSS injection due to unescaped table name (triggers)
  • XSS in AJAX confirmation messages

phpMyAdmin (2013-12-04)

  • Clicking database name in query window opens a new tab
  • Wrong page is shown after editing; also, do not show a modal dialog for multi-row edit
  • PHP NavigationTree error when paging through list
  • Support A10 Networks load balancer
  • Row deleting isn't binlogs friendly
  • Setup script does not recognize manually-configured server
  • Events page says no privileges with ALL PRIVILEGES

phpMyAdmin (2013-11-04)

  • Can't edit updatable view when searching
  • Missing refresh by deleting databases
  • Drizzle server charset notice
  • Filtering database names includes empty groupings
  • Does not display or manipulate bit(64) fields appropriately
  • Unneeded navi panel refresh
  • SSL redirects to port 80
  • DROP DATABASE displays wrong database name
  • Running delete query asks for confirmation but says it was already executed
  • Accessibility: Images without Alt nor title attribute

phpMyAdmin (2013-10-06)

  • Rename view is not working
  • Interaction between linkified fields and grid editing
  • Table grouping isn't implemented properly
  • Browser tries to remember wrong password when creating new user
  • Edit Index on big table doesn't show "Loading" or any message
  • Default table tab is ignored
  • Server/library difference warning: setting is ignored
  • Table tree group strategy
  • Tracking report: cannot delete a statement
  • Drizzle navigation doesn't expand
  • GIS column editor: point not displayed
  • Drizzle tables in navigation are shown as views
  • NUL symbols added to the end of database dump file
  • More disappears in table Structure
  • Multi-row edit doesn't clear values when checking NULL

phpMyAdmin (2013-09-23)

  • Sorting in database overview with statistics doesn't work
  • Handle the situation where PHP_SELF is not set
  • Overwrite existing file not obeyed
  • Database-specific privileges are not copied when cloning user
  • Error handling in case MySQL extension is missing
  • Moving Columns will alter column definition
  • Insert ignore option does not work
  • Downloading BLOB downloads page template
  • Clicking on table name in view of information_schema redirects to wrong page
  • Copy Table Add AUTO_INCREMENT value checkbox not working
  • MySQL server version at index.php incorrect w/ controlhost
  • Import error: Class 'ImportOds' not found
  • Missing DROP VIEW button

phpMyAdmin (2013-09-05)

  • Call to undefined function mb_detect_encoding (clarify the doc)
  • Missing hints when changing a column's structure
  • Cannot select foreign value in Search
  • gzip export is not actually compressed with mod_deflate
  • query analysis doesn't launch in status monitor
  • Add pmahomme icon credits (FamFamFam silk icon set)
  • Table structure statistics "Space usage" caption too small for l10n
  • Wrong tabindex when inserting rows
  • varchar field not truncated in table browse mode
  • Opening database should expand it in the navigation menu
  • Removed ShowTooltip directive
  • Exporting huge Tables causes memory-Problems

phpMyAdmin (2013-08-04)

  • Not detected configuration storage
  • Pressing enter in the filter field reloads page
  • Cannot insert in this table (PHP < 5.4)
  • Reloading privileges does not update the interface
  • NavigationBarIconic config not honored
  • Call to undefined function mb_detect_encoding
  • Analyze option not shown for InnoDB tables
  • Forcing a storage engine for configuration storage
  • Incorrect Drizzle 7 detection
  • Create database if not exists (export): add an option to the interface to enable generating CREATE DATABASE and USE (false by default)
  • Crash on CSV file import
  • Statistic Monitor shows only last 3 digits in graph
  • Non-permanent SQL history not working
  • Transformations for text/plain on a BLOB column
  • Improved protection against cross framing, see PMASA-2013-10
  • Reinstated configuration directive: AllowThirdPartyFraming

phpMyAdmin (2013-06-17)

  • Using DefaultTabDatabase in NavigationTree for Database Click
  • Avoid Suhosin warning when in simulation mode
  • Row Statistics and Space usage bugs
  • Only display "table has no unique column" message when applicable
  • NavigationBarIconic config not honored
  • Default language wrong with zh-TW
  • Call to undefined function PMA_isSuperuser() if default server is not set
  • Ctrl/shift + click opens links in same window
  • Import using https does not work
  • Missing removeCRLF option in ExportCsv and ExportExcel plugins
  • Drop not working Visio schema export.
  • Better handling of invalid ODS documents
  • Number of pages
  • User privileges, database name unescaped

phpMyAdmin (2013-06-05)

  • Recent tables list always empty
  • Do not translate "Open Document" in export settings
  • List of tables is missing after expanding in the navigation frame
  • Warnings about reserved word for many non reserved words
  • Exporting row selection, resulted by ORDER BY query
  • Cookies must be enabled past this point
  • "Browse foreign values" search filter / page selector not working
  • NOW() function incorrectly selected (partial regression)
  • Javascript execution vulnerability in Create view, reported by Maxim Rupp (see PMASA-2013-6)

phpMyAdmin (2013-05-24)

  • Cannot browse when table name contains keyword "call"
  • Center loading indicator for navigation refresh, related to bug #3920
  • Table sorting in navigation panel is case-sensitive
  • Import of CSV file (Replace table data with file) with duplicate values
  • Undefined variables, function parameter problems
  • Structure not refreshed after column drop
  • View is not updatable
  • PropertiesIconic not honored
  • Databases to choose for specific privileges show up escaped
  • Export database with empty table as a php array, does not produce valid PHP
  • Query profiler chart not loading from SQL Query page
  • Missing CSV import option "Do not abort on INSERT error"
  • Missing Operations>Table options>AUTO_INCREMENT
  • Missing CREATE DATABASE statement when exporting at database level
  • Show warning when CSV file does not contain data for all columns
  • Missing Sql Query after modify structure
  • Server export problems
  • CountTables directive is deprecated

phpMyAdmin (2013-05-14)

  • Import broken for CSV using LOAD DATA
  • When login fails and error display is active, login data is displayed
  • Web server upload directory import fails
  • Server upload folder import file name missing in success message
  • Add retry button on connection failure with config auth
  • Provide feedback if no columns selected for multi-submit
  • Incorrect select field change on ctrl key navigation in Firefox
  • display_binary_as_hex option causes unexpected behavior
  • Git commit links to Github missing
  • CSP WARN in Firefox console
  • Setup script warning for config auth (stored login data) shows link BBcode
  • Fixed getting BLOB data
  • Custom Exporting exports all databases
  • Import of CSV File to selected table doesn't work
  • Browsing an empty table should not display its Structure
  • Calendar widget improperly redirects to home
  • Missing scrollbar (original theme)
  • Add tcpdf path to vendor_config.php
  • Bug fix compat with tcpdf >= 6.0 (tested with 6.0.012)

phpMyAdmin 4.0.0

  • HTML frames are gone and the navigation panel now presents a tree.
  • This version requires Javascript.
  • Many bug fixes and smaller new features.
  • Documentation has a new look and contains an index.

This update has been submitted for testing by robert.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago
User Icon mstevens commented & provided feedback 8 years ago

phpMyAdmin 4.2.6 requires MySQL 5.5+ and doesn't work with MySQL 5.1

This update has been unpushed

robert has edited this update. New build(s): phpMyAdmin- Removed build(s): phpMyAdmin-4.2.6-1.el6.

8 years ago

This update has been submitted for testing by robert.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 testing updates repository.

8 years ago

This update has been pushed to testing

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by robert.

8 years ago

This update is currently being pushed to the Fedora EPEL 6 stable updates repository.

8 years ago

This update has been pushed to stable

8 years ago

Please login to add feedback.

Content Type
Test Gating
Unstable by Karma
Stable by Karma
Stable by Time
8 years ago
in testing
8 years ago
in stable
8 years ago
8 years ago
BZ#548260 phpMyAdmin bundles tcpdf
BZ#959946 phpMyAdmin-4.2.5 is available
BZ#989660 CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12)
BZ#989668 CVE-2013-5003 phpMyAdmin: SQL injection leading to 'control user' role privilege escalation (PMASA-2013-15)
BZ#989679 phpMyAdmin: various flaws [epel-6]
BZ#993613 CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10)
BZ#993618 CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10) [epel-all]
BZ#1000261 phpMyAdmin contains bundled Flash files
BZ#1067713 CVE-2014-1879 phpMyAdmin: XSS in import.php
BZ#1067715 CVE-2014-1879 phpMyAdmin: XSS in import.php [epel-6]
BZ#1117600 CVE-2014-4348 phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation
BZ#1117601 CVE-2014-4349 phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature
BZ#1117603 CVE-2014-4349 CVE-2014-4348 phpMyAdmin: various flaws [epel-6]

Automated Test Results