Version in base suite: 5.2.1+dfsg-1 Base version: phpmyadmin_5.2.1+dfsg-1 Target version: phpmyadmin_5.2.1+dfsg-1+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/phpmyadmin/phpmyadmin_5.2.1+dfsg-1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/phpmyadmin/phpmyadmin_5.2.1+dfsg-1+deb12u1.dsc changelog | 8 + patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch | 79 ++++++++++ patches/0002-Fix-unescaped-table-name-when-checking-tables.patch | 37 ++++ patches/series | 2 4 files changed, 126 insertions(+)
diff: /srv/release.debian.org/tmp/QgHZP1sWog/phpmyadmin-5.2.1+dfsg/debian/missing-sources/ol/node_modules/.bin/pbf: No such file or directory
diff: /srv/release.debian.org/tmp/nHjtS0xHtL/phpmyadmin-5.2.1+dfsg/debian/missing-sources/ol/node_modules/.bin/pbf: No such file or directory
diff -Nru phpmyadmin-5.2.1+dfsg/debian/changelog phpmyadmin-5.2.1+dfsg/debian/changelog
--- phpmyadmin-5.2.1+dfsg/debian/changelog 2023-02-08 12:57:42.000000000 +0000
+++ phpmyadmin-5.2.1+dfsg/debian/changelog 2025-04-08 15:25:51.000000000 +0000
@@ -1,3 +1,11 @@
+phpmyadmin (4:5.2.1+dfsg-1+deb12u1) bookworm; urgency=medium
+
+ * Non-maintainer upload.
+ * CVE-2025-24529: XSS on Insert page
+ * CVE-2025-24530: XSS when checking tables
+
+ -- Adrian Bunk Tue, 08 Apr 2025 18:25:51 +0300
+
 phpmyadmin (4:5.2.1+dfsg-1) unstable; urgency=medium
 * Add a d/pkg-php-tools-overrides to force the PHP 8.0 polyfill dep
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch
--- phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch 1970-01-01 00:00:00.000000000 +0000
+++ phpmyadmin-5.2.1+dfsg/debian/patches/0001-Fix-XSS-vulnerability-on-Insert-page.patch 2025-04-08 13:15:24.000000000 +0000
@@ -0,0 +1,79 @@
+From 8ee84b67eca8a8178fec498188d968d95212e932 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth
+Date: Sun, 12 Jan 2025 22:39:06 -0300
+Subject: Fix XSS vulnerability on Insert page
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth
+---
+ libraries/classes/InsertEdit.php | 4 ++--
+ psalm-baseline.xml | 2 +-
+ test/classes/InsertEditTest.php | 14 ++++++++++++--
+ 3 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/libraries/classes/InsertEdit.php b/libraries/classes/InsertEdit.php
+index 3e6ab3e411..72971c0b88 100644
+--- a/libraries/classes/InsertEdit.php
++++ b/libraries/classes/InsertEdit.php
+@@ -1124,8 +1124,8 @@ private function getSpecialCharsAndBackupFieldForInsertingMode(
+ } elseif ($trueType === 'binary' || $trueType === 'varbinary') {
+ $specialChars = bin2hex($column['Default']);
+ } elseif (substr($trueType, -4) === 'text') {
+- $textDefault = substr($column['Default'], 1, -1);
+- $specialChars = stripcslashes($textDefault !== false ? $textDefault : $column['Default']);
++ $textDefault = (string) substr($column['Default'], 1, -1);
++ $specialChars = htmlspecialchars(stripcslashes($textDefault !== '' ? $textDefault : $column['Default']));
+ } else {
+ $specialChars = htmlspecialchars($column['Default']);
+ }
+diff --git a/psalm-baseline.xml b/psalm-baseline.xml
+index a07466f7bf..4f053c0a6a 100644
+--- a/psalm-baseline.xml
++++ b/psalm-baseline.xml
+@@ -8183,7 +8183,7 @@
+ $specialChars
+ $specialChars
+ $specialCharsEncoded
+- $textDefault !== false ? $textDefault : $column['Default']
++ $textDefault !== '' ? $textDefault : $column['Default']
+ $transformationPlugin->getScripts()
+ $transformation[$type . '_options'] ??
''
+ $trueType
+diff --git a/test/classes/InsertEditTest.php b/test/classes/InsertEditTest.php
+index 6bbe885c12..c3f8234586 100644
+--- a/test/classes/InsertEditTest.php
++++ b/test/classes/InsertEditTest.php
+@@ -1714,9 +1714,9 @@ public function providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+ [
+ false,
+ '"lorem\"ipsem"',
+- 'lorem"ipsem',
++ 'lorem"ipsem',
+ '',
+- 'lorem"ipsem',
++ 'lorem"ipsem',
+ ],
+ ],
+ 'varchar with html special chars' => [
+@@ -1732,6 +1732,16 @@ public function providerForTestGetSpecialCharsAndBackupFieldForInsertingMode():
+ 'hello world<br><b>lorem</b> ipsem',
+ ],
+ ],
++ 'text with html special chars' => [
++ ['True_Type' => 'text', 'Default' => '\'\''],
++ [
++ false,
++ '\'\'',
++ '</textarea><script>alert(1)</script>',
++ '',
++ '</textarea><script>alert(1)</script>',
++ ],
++ ],
+ ];
+ }
+
+--
+2.30.2
+
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch
--- phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch 1970-01-01 00:00:00.000000000 +0000
+++ phpmyadmin-5.2.1+dfsg/debian/patches/0002-Fix-unescaped-table-name-when-checking-tables.patch 2025-04-08 13:15:24.000000000 +0000
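Review bot: In the InsertEdit.php hunk carried by 0001-Fix-XSS-vulnerability-on-Insert-page.patch, the new `$textDefault !== ''` test appears to make a text column whose default is a quoted empty string fall back to the raw `$column['Default']`, so the surrounding quote characters would become the prefilled value. The result still goes through `htmlspecialchars()`, so this is a display question rather than an escaping gap, but the data provider has no case for it; a row for an empty quoted default would pin the intended output. `htmlspecialchars()` is called with its default flags here, as in the existing `else` branch, and those defaults only cover single quotes from PHP 8.1 on, which matters if this code is ever run on an older interpreter. The enclosing method starts and ends outside the hunk, so where `$specialChars` is finally emitted cannot be confirmed from this page.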
@@ -0,0 +1,37 @@
+From 198467709c031c52fb9143995e325bcbf67eed52 Mon Sep 17 00:00:00 2001
+From: Maurício Meneghini Fauth
+Date: Tue, 15 Oct 2024 12:27:22 -0300
+Subject: Fix unescaped table name when checking tables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth
+---
+ libraries/classes/Table/Maintenance.php | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/classes/Table/Maintenance.php b/libraries/classes/Table/Maintenance.php
+index 97c3423e91..2a2596c2bd 100644
+--- a/libraries/classes/Table/Maintenance.php
++++ b/libraries/classes/Table/Maintenance.php
+@@ -13,6 +13,7 @@
+ use PhpMyAdmin\Util;
+
+ use function __;
++use function htmlspecialchars;
+ use function implode;
+ use function sprintf;
+
+@@ -119,7 +120,7 @@ public function getIndexesProblems(DatabaseName $db, array $tables): string
+ continue;
+ }
+
+- $indexesProblems .= sprintf(__('Problems with indexes of table `%s`'), $table->getName());
++ $indexesProblems .= htmlspecialchars(sprintf(__('Problems with indexes of table `%s`'), $table->getName()));
+ $indexesProblems .= $check;
+ }
+
+--
+2.30.2
+
diff -Nru phpmyadmin-5.2.1+dfsg/debian/patches/series phpmyadmin-5.2.1+dfsg/debian/patches/series
--- phpmyadmin-5.2.1+dfsg/debian/patches/series 2023-02-08 12:57:42.000000000 +0000
+++ phpmyadmin-5.2.1+dfsg/debian/patches/series 2025-04-08 15:25:51.000000000 +0000
@@ -9,3 +9,5 @@
 Drop-depends-on-paragonie-sodium_compat-since-PHP-7.2-is-required.patch
 Skip-part-of-RoutingTest-testGetDispatcher.patch
 Adjust-path-for-source-files-in-tests.patch
+0001-Fix-XSS-vulnerability-on-Insert-page.patch
+0002-Fix-unescaped-table-name-when-checking-tables.patch
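Review bot: The Maintenance.php fix carried by 0002-Fix-unescaped-table-name-when-checking-tables.patch ships without a regression test: its diffstat lists only `libraries/classes/Table/Maintenance.php`, whereas the Insert-page patch extends its data provider. A test of `getIndexesProblems()` with a table name containing HTML metacharacters, asserting the escaped form in the returned string, would keep the escaping from being dropped in a later refactor. On the line after the changed one, `$check` is still appended to `$indexesProblems` as-is; where it comes from is outside the hunk, so it is worth confirming that it is already HTML-safe and recording that in a one-line comment above `$indexesProblems .= $check;`. The method body starts and ends outside the hunk.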