Sunday, January 31, 2016

phpMyAdmin work during seventeenth and eighteenth weeks

My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities, which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison, etc. Altogether these vulnerabilities resulted in 9 PMASAs, taking into account the different combinations of phpMyAdmin versions they affected.

I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by other developers to older branches, preparing PMASAs and coordinating with the reporter, the CVE team and the phpMyAdmin security team.

The latter part of the fortnight was spent on fixing two regressions introduced by the security releases:
issue #11891 Error with PMA 4.0.10.13 with PHP 5.2
issue #11892 Error with PMA 4.4.15.3

Moreover, the following bug was fixed during the two weeks:
issue #11881 Full processlist lost on refresh

