[Secure-testing-commits] r31408 - data/CVE

Thijs Kinkhorst thijs at moszumanska.debian.org
Fri Jan 16 22:05:54 UTC 2015


Author: thijs
Date: 2015-01-16 22:05:54 +0000 (Fri, 16 Jan 2015)
New Revision: 31408

Modified:
   data/CVE/list
Log:
triage some pma issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-01-16 21:59:41 UTC (rev 31407)
+++ data/CVE/list	2015-01-16 22:05:54 UTC (rev 31408)
@@ -3051,10 +3051,12 @@
 	NOT-FOR-US: OpenVAS Manager
 CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...)
 	- phpmyadmin 4:4.2.12-2 (bug #774194)
+	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
 CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...)
-	- phpmyadmin 4:4.2.12-2 (bug #774194)
+	- phpmyadmin 4:4.2.12-2 (low; bug #774194)
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
 CVE-2014-9172
@@ -4353,7 +4355,7 @@
 	- phpmyadmin 4:4.2.12-1 (low)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
-	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 need
+	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need
 	NOTE: to be backported to 3.4
 CVE-2014-8957
 	RESERVED
@@ -5995,8 +5997,9 @@
 	NOT-FOR-US: TYPO3 extension fal_sftp
 CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
 	- phpmyadmin 4:4.2.10.1-1 (low)
-	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
-	[squeeze] - phpmyadmin <no-dsa> (Minor issue)
+	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
 CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 ...)
 	NOT-FOR-US: TYPO3 extension cal
 CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP ...)
@@ -13841,10 +13844,12 @@
 	- phpmyadmin 4:4.2.6-1 (low)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
+	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
 CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
 	- phpmyadmin 4:4.2.6-1 (low)
 	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
 	[squeeze] - phpmyadmin <no-dsa> (Minor issue)
+	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
 CVE-2014-4985
 	RESERVED
 CVE-2014-4984




More information about the Secure-testing-commits mailing list