[Secure-testing-commits] r9851 - data/CVE
thijs at alioth.debian.org
Sat Sep 20 12:53:08 UTC 2008
Author: thijs
Date: 2008-09-20 12:53:07 +0000 (Sat, 20 Sep 2008)
New Revision: 9851
Modified:
data/CVE/list
Log:
phpmyadmin fixed in sid, will roll less important issues into DSA, similar for django
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2008-09-20 09:14:14 UTC (rev 9850)
+++ data/CVE/list 2008-09-20 12:53:07 UTC (rev 9851)
@@ -200,7 +200,7 @@
- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7]
RESERVED
- - phpmyadmin <unfixed> (medium)
+ - phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
- smsclient <unfixed> (unimportant; bug #498901)
NOTE: script is not in use and only a suggestion for users
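Review bot: Nit on the context just below the changed line: the description reads "unsafe use of tempfile in ssmclient" while the package line underneath says "smsclient". The two spellings disagree, so one of them should be corrected in a follow-up to keep the entry searchable by package name. The phpmyadmin change itself matches the log message.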
@@ -1646,7 +1646,6 @@
NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
- phpmyadmin 4:2.11.8~rc1-1 (low)
- [etch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 [openttd remote buffer overflow]
RESERVED
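Review bot: After the "[etch] - phpmyadmin <no-dsa> (Minor issue)" line is dropped for CVE-2008-3456, the remaining NOTE still says the issue "doesn't warrant DSA on its own", and nothing in the entry records which update it will be combined with. Suggest adding a NOTE naming the issue whose DSA this fix is being rolled into (presumably CVE-2008-4096 from the first hunk, going by the log message), so the etch status can be followed from the entry alone.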
@@ -2168,7 +2167,6 @@
- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...)
- phpmyadmin 4:2.11.7.1-1 (low)
- [etch] - phpmyadmin <no-dsa> (low impact issue)
NOTE: this only allows via csrf to create an empty database.
NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...)
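Review bot: With the no-dsa line removed from CVE-2008-3197, the two NOTE lines left behind only argue that the CSRF is barely an annoyance, which now reads as a case against the fix the log message says is planned. Either reword them or add a short NOTE stating that the fix is being included in a DSA alongside a more serious issue.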
@@ -12196,7 +12194,6 @@
NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...)
- python-django 0.96-1.1 (low; bug #448838)
- [etch] - python-django <no-dsa> (Minor issue)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
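Review bot: The removal of "[etch] - python-django <no-dsa> (Minor issue)" for CVE-2007-5712 is justified only by "similar for django" in the log, and no django issue that would trigger a DSA appears anywhere in this diff. Consider a NOTE on the entry pointing at the issue it will be bundled with, or committing the django change separately from the phpmyadmin ones so each change carries its own rationale.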