[Secure-testing-commits] r13824 - data/CVE
Raphael Geissert
geissert at alioth.debian.org
Fri Jan 15 08:15:46 UTC 2010
Author: geissert
Date: 2010-01-15 08:15:44 +0000 (Fri, 15 Jan 2010)
New Revision: 13824
Modified:
data/CVE/list
Log:
comment on phpmyadmin unserialize issue
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2010-01-15 03:44:17 UTC (rev 13823)
+++ data/CVE/list 2010-01-15 08:15:44 UTC (rev 13824)
@@ -234,6 +234,7 @@
- phpmyadmin 4:3.2.4-1
NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
+ NOTE: there is still at least one unserialize() call on _POST data
CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...)
NOT-FOR-US: IBM Lotus iNotes
CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
More information about the Secure-testing-commits
mailing list