[Secure-testing-commits] r31408 - data/CVE

Fri, 16 Jan 2015 14:06:19 -0800 

Author: thijs
Date: 2015-01-16 22:05:54 +0000 (Fri, 16 Jan 2015)
New Revision: 31408

Modified:
   data/CVE/list
Log:
triage some pma issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2015-01-16 21:59:41 UTC (rev 31407)
+++ data/CVE/list       2015-01-16 22:05:54 UTC (rev 31408)
@@ -3051,10 +3051,12 @@
        NOT-FOR-US: OpenVAS Manager
 CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection 
feature in ...)
        - phpmyadmin 4:4.2.12-2 (bug #774194)
+       [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+       [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
 CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 
4.1.x ...)
-       - phpmyadmin 4:4.2.12-2 (bug #774194)
+       - phpmyadmin 4:4.2.12-2 (low; bug #774194)
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1
 (master)
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
 CVE-2014-9172
@@ -4353,7 +4355,7 @@
        - phpmyadmin 4:4.2.12-1 (low)
        NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
 and
-       NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820
 need
+       NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d
 need
        NOTE: to be backported to 3.4
 CVE-2014-8957
        RESERVED
@@ -5995,8 +5997,9 @@
        NOT-FOR-US: TYPO3 extension fal_sftp
 CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin ...)
        - phpmyadmin 4:4.2.10.1-1 (low)
-       [wheezy] - phpmyadmin <no-dsa> (Minor issue)
-       [squeeze] - phpmyadmin <no-dsa> (Minor issue)
+       [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+       [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+       NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
 CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 
1.6.1 ...)
        NOT-FOR-US: TYPO3 extension cal
 CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in 
SAP ...)
@@ -13841,10 +13844,12 @@
        - phpmyadmin 4:4.2.6-1 (low)
        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+       NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
 CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in 
js/functions.js ...)
        - phpmyadmin 4:4.2.6-1 (low)
        [wheezy] - phpmyadmin <no-dsa> (Minor issue)
        [squeeze] - phpmyadmin <no-dsa> (Minor issue)
+       NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
 CVE-2014-4985
        RESERVED
 CVE-2014-4984


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to