[Secure-testing-commits] r29028 - data/CVE

[Raphaël Hertzog]

Author: hertzog
Date: 2014-09-25 08:17:44 +0000 (Thu, 25 Sep 2014)
New Revision: 29028

Modified:
   data/CVE/list
Log:
CVE-2014-5273/CVE-2014-5274 do not apply on squeeze/wheezy

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2014-09-25 07:50:03 UTC (rev 29027)
+++ data/CVE/list	2014-09-25 08:17:44 UTC (rev 29028)
@@ -4061,10 +4061,17 @@
 	NOT-FOR-US: ZPanel
 CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page ...)
 	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
+	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
+	NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML.
 CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
+	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
+	NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4.
+	NOTE: Those that do do not contain the problematic code.
 CVE-2014-5268
 	RESERVED
 	NOT-FOR-US: Drupal addon