[Secure-testing-commits] r37400 - in data: . CVE DLA DSA

Thijs Kinkhorst thijs at moszumanska.debian.org
Wed Oct 28 19:55:49 UTC 2015 

Author: thijs
Date: 2015-10-28 19:55:48 +0000 (Wed, 28 Oct 2015)
New Revision: 37400

Modified:
   data/CVE/list
   data/DLA/list
   data/DSA/list
   data/dla-needed.txt
   data/dsa-needed.txt
Log:
phpmyadmin DSA/DLA


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-10-28 19:29:27 UTC (rev 37399)
+++ data/CVE/list	2015-10-28 19:55:48 UTC (rev 37400)
@@ -10851,6 +10851,8 @@
 	RESERVED
 CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x ...)
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
+        [wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
 	- phpmyadmin 4:4.4.6.1-1 (unimportant)
 CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in ...)
@@ -34617,8 +34619,8 @@
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
 CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
 	- phpmyadmin 4:4.2.6-1 (low)
-	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
-	[squeeze] - phpmyadmin <no-dsa> (Minor issue)
+	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
 CVE-2014-4985
 	RESERVED
@@ -42921,6 +42923,7 @@
 CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
 	{DSA-2975-1}
 	- phpmyadmin 4:4.1.7-1 (unimportant)
+        [squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
 CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
 	{DSA-2956-1 DLA-60-1}
 	- icinga 1.10.3-1

Modified: data/DLA/list
===================================================================
--- data/DLA/list	2015-10-28 19:29:27 UTC (rev 37399)
+++ data/DLA/list	2015-10-28 19:55:48 UTC (rev 37400)
@@ -1,3 +1,6 @@
+[28 Oct 2015] DLA-336-1 phpmyadmin - security update
+	{CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902}
+	[squeeze] - phpmyadmin 4:3.3.7-9
 [28 Oct 2015] DLA-335-1 ntp - security update
 	{CVE-2015-5146 CVE-2015-5194 CVE-2015-5195 CVE-2015-5219 CVE-2015-5300 CVE-2015-7691 CVE-2015-7692 CVE-2015-7701 CVE-2015-7702 CVE-2015-7703 CVE-2015-7704 CVE-2015-7850 CVE-2015-7851 CVE-2015-7852 CVE-2015-7855 CVE-2015-7871}
 	[squeeze] - ntp 1:4.2.6.p2+dfsg-1+deb6u4

Modified: data/DSA/list
===================================================================
--- data/DSA/list	2015-10-28 19:29:27 UTC (rev 37399)
+++ data/DSA/list	2015-10-28 19:55:48 UTC (rev 37400)
@@ -1,3 +1,7 @@
+[28 Oct 2015] DSA-3382-1 phpmyadmin - security update
+	{CVE-2014-8958 CVE-2014-9218 CVE-2015-2206 CVE-2015-3902 CVE-2015-3903 CVE-2015-6830 CVE-2015-7873}
+	[wheezy] - phpmyadmin 4:3.4.11.1-2+deb7u2
+	[jessie] - phpmyadmin 4:4.2.12-2+deb8u1
 [27 Oct 2015] DSA-3381-1 openjdk-7 - security update
 	{CVE-2015-4734 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911}
 	[wheezy] - openjdk-7 7u85-2.6.1-6~deb7u1

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-10-28 19:29:27 UTC (rev 37399)
+++ data/dla-needed.txt	2015-10-28 19:55:48 UTC (rev 37400)
@@ -33,9 +33,6 @@
 php5 (Thorsten Alteholz)
   NOTE: next upload in October
 --
-phpmyadmin (Thijs Kinkhorst)
-  http://lists.debian.org/8d1ec56509c135da275476758673e47a.squirrel@aphrodite.kinkhorst.nl
---
 pound (Guido Günther)
 --
 quassel (Scott K)

Modified: data/dsa-needed.txt
===================================================================
--- data/dsa-needed.txt	2015-10-28 19:29:27 UTC (rev 37399)
+++ data/dsa-needed.txt	2015-10-28 19:55:48 UTC (rev 37400)
@@ -61,8 +61,6 @@
 --
 pdns/oldstable
 --
-phpmyadmin (thijs)
---
 smarty3
 --
 squid/oldstable

More information about the Secure-testing-commits mailing list