[Secure-testing-commits] r6378 - data/CVE
thijs at alioth.debian.org
Thu Aug 23 12:04:15 UTC 2007
Author: thijs
Date: 2007-08-23 12:04:14 +0000 (Thu, 23 Aug 2007)
New Revision: 6378
Modified:
data/CVE/list
Log:
phpmyadmin CVE-2007-4306: sarge not vulnerable
etch and up: 'vulnerable', but you need to have a session token.
will verify with upstream
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2007-08-22 21:14:08 UTC (rev 6377)
+++ data/CVE/list 2007-08-23 12:04:14 UTC (rev 6378)
@@ -348,6 +348,9 @@
NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin <unfixed>
+ [sarge] - phpmyadmin <not-affected>
+ NOTE: It seems that this requires knowledge of a unguessable session token.
+ NOTE: I'm contacting upstream to verify this, but it seems a non issue.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
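Review bot: the added "[sarge] - phpmyadmin <not-affected>" line carries no reason of its own. Both NOTE lines describe the session-token requirement, which the log message ties to etch and up, so a reader of the list cannot tell why sarge in particular is unaffected. Add a NOTE stating the sarge reason, and say in the token NOTE that it refers to the releases still tracked by "- phpmyadmin <unfixed>". The "I'm contacting upstream" NOTE should be replaced with the outcome once upstream answers, since the entry stays <unfixed> until then. Minor wording point: "a unguessable" should be "an unguessable".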