[Secure-testing-commits] r43400 - data/CVE
Thijs Kinkhorst
thijs at moszumanska.debian.org
Sat Jul 23 10:33:35 UTC 2016
Author: thijs
Date: 2016-07-23 10:33:34 +0000 (Sat, 23 Jul 2016)
New Revision: 43400
Modified:
data/CVE/list
Log:
pma issues triage
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-07-23 09:41:49 UTC (rev 43399)
+++ data/CVE/list 2016-07-23 10:33:34 UTC (rev 43400)
@@ -1879,12 +1879,13 @@
CVE-2016-5732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5731 (Cross-site scripting (XSS) vulnerability in examples/openid.php in ...)
{DLA-551-1}
- - phpmyadmin 4:4.6.3-1
+ - phpmyadmin 4:4.6.3-1 (low)
CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
- - phpmyadmin 4:4.6.3-1
- [wheezy] - phpmyadmin <no-dsa> (Minor issue)
+ - phpmyadmin 4:4.6.3-1 (unimportant)
+ NOTE: path disclosure irrelevant in Debian
CVE-2016-5742 [SQL injection in MovableType xml-rpc interface]
RESERVED
{DLA-532-1}
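Review bot: The NOTE added under CVE-2016-5730 reads "path disclosure irrelevant in Debian", while the notes added for CVE-2016-2042 and CVE-2016-2038 later in this same commit read "path disclosure not relevant on Debian". Use one wording for all three so that a single search over data/CVE/list finds every entry downgraded for this reason. It would also help to say in the note why the disclosed path is not sensitive, since the (unimportant) tag alone does not record the rationale.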
@@ -1949,7 +1950,7 @@
CVE-2016-5707
RESERVED
CVE-2016-5706 (js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x ...)
- - phpmyadmin 4:4.6.3-1
+ - phpmyadmin 4:4.6.3-1 (low)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5705 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 4:4.6.3-1
@@ -1957,12 +1958,15 @@
CVE-2016-5704 (Cross-site scripting (XSS) vulnerability in the table-structure page ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5703 (SQL injection vulnerability in libraries/central_columns.lib.php in ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
+ [jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5702 (phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF ...)
- - phpmyadmin 4:4.6.3-1
+ - phpmyadmin 4:4.6.3-1 (low)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
+ [jessie] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5701 (setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, ...)
- phpmyadmin 4:4.6.3-1
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
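Review bot: CVE-2016-5701, visible in the trailing context of this hunk, still carries only a [wheezy] <no-dsa> line, while the neighbouring CVE-2016-5704, CVE-2016-5703 and CVE-2016-5702 entries all gain an explicit [jessie] line here. If jessie was assessed for CVE-2016-5701 in this triage pass, record the result next to the wheezy line. If it was deliberately left open, a short NOTE saying so would keep the entry from looking overlooked.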
@@ -3992,7 +3996,7 @@
CVE-2016-5100
RESERVED
CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before ...)
- - phpmyadmin 4:4.6.2-1
+ - phpmyadmin 4:4.6.2-1 (low)
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
@@ -4001,7 +4005,7 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-15/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8
CVE-2016-5097 (phpMyAdmin before 4.6.2 places tokens in query strings and does not ...)
- - phpmyadmin 4:4.6.2-1
+ - phpmyadmin 4:4.6.2-1 (low)
[jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
@@ -13515,7 +13519,8 @@
NOT-FOR-US: SOPHOS
CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in ...)
{DLA-481-1}
- - phpmyadmin 4:4.5.4-1
+ - phpmyadmin 4:4.5.4-1 (low)
+ [jessie] - phpmyadmin <no-dsa> (Minor issue)
[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-9/
CVE-2016-2044 (libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin ...)
@@ -13533,11 +13538,12 @@
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-7/
NOTE: vulnerability introduced in 4.3.3 / 1e971f3
CVE-2016-2042 (phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...)
- - phpmyadmin 4:4.5.4-1
+ - phpmyadmin 4:4.5.4-1 (unimportant)
[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
NOTE: introduced as part of the CVE-2016-2039 fix
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-6/
+ NOTE: path disclosure not relevant on Debian
CVE-2016-2041 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x ...)
{DLA-481-1 DLA-406-1}
- phpmyadmin 4:4.5.4-1
@@ -13558,9 +13564,10 @@
NOTE: such a fix needs to avoid introducing a new vulnerability as well, upstream introduced CVE-2016-2042 as part of this
CVE-2016-2038 (phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x ...)
{DLA-481-1}
- - phpmyadmin 4:4.5.4-1
+ - phpmyadmin 4:4.5.4-1 (unimportant)
[squeeze] - phpmyadmin <no-dsa> (minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
+ NOTE: path disclosure not relevant on Debian
CVE-2016-2036
RESERVED
CVE-2015-8780
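Review bot: The CVE-2016-2038 entry is downgraded to (unimportant) but keeps its "[squeeze] - phpmyadmin <no-dsa> (minor issue)" line, whereas the CVE-2016-5730 hunk earlier in this commit drops the equivalent [wheezy] <no-dsa> line when making the same downgrade. Either remove the squeeze line here as well or keep the per-release line in both places, so that the path-disclosure entries are tagged the same way.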