[Secure-testing-commits] r442 - sarge-checks/CAN

SALVETTI Djoumé djoume-guest@costa.debian.org
Fri, 18 Feb 2005 13:28:24 +0100


Author: djoume-guest
Date: 2005-02-18 13:28:21 +0100 (Fri, 18 Feb 2005)
New Revision: 442

Modified:
   sarge-checks/CAN/list
Log:
* update phpmyadmin


Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list	2005-02-18 11:32:09 UTC (rev 441)
+++ sarge-checks/CAN/list	2005-02-18 12:28:21 UTC (rev 442)
@@ -7,7 +7,9 @@
 CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
 	NOTE: not-for-us (MercuryBoard)
 CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
-	NOTE: not sure if this is really a security issue, I have mailed maintainer.
+	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> : 
+	NOTE: I think it is not a problem on Debian as far as everybody knows the full
+	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
 CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
 	NOTE: not-for-us (oscommerce)
 CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
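
Review bot: The added NOTE lines under CAN-2005-0459 record the maintainer's opinion but leave the entry without an explicit disposition, unlike the neighbouring entries, which state one (for example "NOTE: not-for-us (MercuryBoard)"). "I think it is not a problem on Debian" is a quoted opinion, so a reader of the list cannot tell whether the entry is now considered settled or is still awaiting a decision. Consider adding a final NOTE line that states the outcome in the committer's own words. The first added line also ends with trailing whitespace after the colon, and the maintainer's name alone would be enough to attribute the quote without embedding the full e-mail address.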