[Secure-testing-commits] r8441 - data/CVE
thijs at alioth.debian.org
thijs at alioth.debian.org
Sat Mar 29 15:42:12 UTC 2008
Author: thijs
Date: 2008-03-29 15:42:11 +0000 (Sat, 29 Mar 2008)
New Revision: 8441
Modified:
data/CVE/list
Log:
phpMyAdmin nonissue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-03-29 14:18:32 UTC (rev 8440)
+++ data/CVE/list 2008-03-29 15:42:11 UTC (rev 8441)
@@ -1,3 +1,10 @@
+CVE-2008-XXXX [phpMyAdmin sensitive data in session PMASA-2008-2]
+ - phpmyadmin 2.11.5.1 (unimportant)
+ NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
+ NOTE: I can see no way to actively exploit this unless the host is very
+ NOTE: insecure anyway (not a Debian supported configuration), plus on a
+ NOTE: shared host of that setup you can read the same data from the config
+ NOTE: if you'd like. Flagging as non-issue.
CVE-2008-1530 [gnupg key import memory corruption]
- gnupg <not-affected> (Only 1.4.8 is affected)
TODO: Verify that the next maintainer upload uses 1.4.9 directly
More information about the Secure-testing-commits
mailing list