[Secure-testing-commits] r9537 - data/CVE

nion at alioth.debian.org nion at alioth.debian.org
Fri Aug 8 09:37:52 UTC 2008


Author: nion
Date: 2008-08-08 09:37:50 +0000 (Fri, 08 Aug 2008)
New Revision: 9537

Modified:
   data/CVE/list
Log:
CVE-2008-3457 non-issue but fixed in phpmyadmin 4:2.11.8~rc1-1

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2008-08-08 08:45:27 UTC (rev 9536)
+++ data/CVE/list	2008-08-08 09:37:50 UTC (rev 9537)
@@ -55,7 +55,8 @@
 CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...)
 	NOT-FOR-US: Vtiger CRM
 CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
-	TODO: check
+	- phpmyadmin 4:2.11.8~rc1-1 (unimportant)
+	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
 CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
 	NOT-FOR-US: JnSHosts PHP Hosting Directory
 CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass ...)




More information about the Secure-testing-commits mailing list