Author: thijs Date: 2015-01-16 22:05:54 +0000 (Fri, 16 Jan 2015) New Revision: 31408
Modified: data/CVE/list Log: triage some pma issues Modified: data/CVE/list =================================================================== --- data/CVE/list 2015-01-16 21:59:41 UTC (rev 31407) +++ data/CVE/list 2015-01-16 22:05:54 UTC (rev 31408) @@ -3051,10 +3051,12 @@ NOT-FOR-US: OpenVAS Manager CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...) - phpmyadmin 4:4.2.12-2 (bug #774194) + [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) + [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...) - - phpmyadmin 4:4.2.12-2 (bug #774194) + - phpmyadmin 4:4.2.12-2 (low; bug #774194) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php CVE-2014-9172 @@ -4353,7 +4355,7 @@ - phpmyadmin 4:4.2.12-1 (low) NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and - NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 need + NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need NOTE: to be backported to 3.4 CVE-2014-8957 RESERVED @@ -5995,8 +5997,9 @@ NOT-FOR-US: TYPO3 extension fal_sftp CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin 4:4.2.10.1-1 (low) - [wheezy] - phpmyadmin <no-dsa> (Minor issue) - [squeeze] - phpmyadmin <no-dsa> (Minor issue) + [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) + [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 ...) NOT-FOR-US: TYPO3 extension cal CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP ...) @@ -13841,10 +13844,12 @@ - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present) [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...) - phpmyadmin 4:4.2.6-1 (low) [wheezy] - phpmyadmin <no-dsa> (Minor issue) [squeeze] - phpmyadmin <no-dsa> (Minor issue) + NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php CVE-2014-4985 RESERVED CVE-2014-4984 _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits