[Secure-testing-commits] r8253 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sat Mar 1 17:40:26 UTC 2008
Author: thijs
Date: 2008-03-01 17:40:25 +0000 (Sat, 01 Mar 2008)
New Revision: 8253
Modified:
data/CVE/list
Log:
phpMyAdmin PMASA-2008-1, sid already fixed, minor issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-01 10:53:51 UTC (rev 8252)
+++ data/CVE/list 2008-03-01 17:40:25 UTC (rev 8253)
@@ -1,3 +1,10 @@
+CVE-2008-XXXX [phpMyAdmin SQL injection through cookie]
+ - phpmyadmin 2.11.5-1 (low)
+ [etch] - phpmyadmin <no-dsa> (Minor issue)
+ [sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
+ NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means
+ NOTE: you must be able to create pages in the same cookie domain, which seems
+ NOTE: rare and unwise. low priority.
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...)
NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)
More information about the Secure-testing-commits
mailing list