## 3.3.17 (2018-05-25) * security #cve-2018-11407 [Ldap] cast to string when checking empty passwords * security #cve-2018-11408 [SecurityBundle] Fail if security.http_utils cannot be configured * security #cve-2018-11406 clear CSRF tokens when the user is logged out * security #cve-2018-11385 migrating session for UsernamePasswordJsonAuthenticationListener * security #cve-2018-11386
- New upstream v1.4.23 (#1589802,#1589620,#1589624) - Remove patches included in upstream release - Note that this includes the fix for [CVE-2018-12020] ---- - doc Remove documentation for future option faked sys - build Don't use dev srandom on OpenBSD - Do not use C99 feature - g10 Fix regexp sanitization - g10 Push compress filter only if compressed - gpg Sanitize diagnostic with the
preemption checks bypassed in x86 PV MM handling [XSA-264, CVE-2018-12891] (#1595959) x86: #DB exception safety check can be triggered by a guest [XSA-265, CVE-2018-12893] (#1595958) libxl fails to honour readonly flag on HVM emulated SCSI disks [XSA-266, CVE-2018-12892] (#1595957)
Update to 2.14 This updates ensures that the VNC server used for debugging is bound to the local interfaces. Previously the VNC server might have been available globally depending on the system's firewall settings.
Upstream announcement: The phpMyAdmin team is pleased to announce the release of **phpMyAdmin version 4.8.2**. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately. The urgent vulnerability allows an authenticated attacker to exploit a phpMyAdmin feature to show and potentially execute files on the
