[Secure-testing-commits] r6378 - data/CVE

thijs at alioth.debian.org thijs at alioth.debian.org
Thu Aug 23 12:04:15 UTC 2007


Author: thijs
Date: 2007-08-23 12:04:14 +0000 (Thu, 23 Aug 2007)
New Revision: 6378

Modified:
   data/CVE/list
Log:
phpmyadmin CVE-2007-4306: sarge not vulnerable
etch and up: 'vulnerable', but you need to have a session token.
will verify with upstream


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2007-08-22 21:14:08 UTC (rev 6377)
+++ data/CVE/list	2007-08-23 12:04:14 UTC (rev 6378)
@@ -348,6 +348,9 @@
 	NOT-FOR-US: Storesprite
 CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	- phpmyadmin <unfixed>
+	[sarge] - phpmyadmin <not-affected>
+	NOTE: It seems that this requires knowledge of a unguessable session token.
+	NOTE: I'm contacting upstream to verify this, but it seems a non issue.
 CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
 	NOT-FOR-US: NetBSD and OpenBSD
 CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
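Review bot: The added "[sarge] - phpmyadmin <not-affected>" line gives no reason, and the two NOTE lines directly after it describe the session-token requirement, which the log message attributes to etch and up rather than to sarge. As placed, the NOTEs can be read as the justification for the sarge status. Suggest recording why sarge is not affected on that line or in a NOTE of its own, and wording the session-token NOTE so it is clear which releases it applies to. The second NOTE ("it seems a non issue") is a pending assessment, so keeping "- phpmyadmin <unfixed>" unchanged is consistent with it; the NOTE should be replaced with the outcome once upstream has answered.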



