Updated phpmyadmin packages fix security vulnerabilitiesPublication date: 18 May 2015
Affected Mageia releases : 4
CVE: CVE-2015-3902 , CVE-2015-3903
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 184.108.40.206, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup (CVE-2015-3902). In phpMyAdmin before 220.127.116.11, a vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack (CVE-2015-3903). With this update, the phpmyadmin package has been updated to the 4.2 branch, which has some additional changes and new features. The 4.1 branch is no longer supported.