{"id":"MGASA-2015-0232","summary":"Updated phpmyadmin packages fix security vulnerabilities","details":"Updated phpmyadmin package fixes security vulnerabilities:\n\nIn phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL,\nit is possible to alter the configuration file being generated with phpMyAdmin\nsetup (CVE-2015-3902).\n\nIn phpMyAdmin before 4.2.13.3, a vulnerability in the API call to GitHub can\nbe exploited to perform a man-in-the-middle attack (CVE-2015-3903).\n\nWith this update, the phpmyadmin package has been updated to the 4.2 branch,\nwhich has some additional changes and new features.  The 4.1 branch is no\nlonger supported.\n","modified":"2026-02-04T02:14:11.297699Z","published":"2015-05-18T19:08:05Z","related":["CVE-2015-3902","CVE-2015-3903"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0232.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15945"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2015-2.php"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2015-3.php"},{"type":"REPORT","url":"https://sourceforge.net/p/phpmyadmin/news/2014/05/phpmyadmin-420-is-released/"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.2.13.3-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0232.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}