[Secure-testing-commits] r44590 - data/CVE
Ola Lundqvist
opal at moszumanska.debian.org
Wed Sep 14 20:05:50 UTC 2016
Author: opal
Date: 2016-09-14 20:05:49 +0000 (Wed, 14 Sep 2016)
New Revision: 44590
Modified:
data/CVE/list
Log:
Motivation for not solving CVE-2016-6625 in wheezy.
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-09-14 20:00:22 UTC (rev 44589)
+++ data/CVE/list 2016-09-14 20:05:49 UTC (rev 44590)
@@ -4270,6 +4270,12 @@
- phpmyadmin 4:4.6.4+dfsg1-1
[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
+ NOTE: The solution is to remove a configuration option. This option
+ NOTE: is by default disabled so a default installation is not
+ NOTE: vulnerable. It should be fairly obvious that enabling phpinfo
+ NOTE: printing can show more information than what should be used in
+ NOTE: a production environment. This is the motivation that it is not
+ NOTE: solved for wheezy.
CVE-2016-6624
RESERVED
- phpmyadmin 4:4.6.4+dfsg1-1
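Review bot: The added NOTE lines refer to "a configuration option" without ever naming it, so someone reading the wheezy entry cannot tell which setting to check on an installed system. Suggest naming the option in the first added NOTE line, taking the name from the PMASA-2016-48 advisory linked just above. The note should also say outright that the wheezy mitigation is to leave that option disabled, instead of leaving it implied by "by default disabled". The last sentence ("This is the motivation that it is not solved for wheezy") could be dropped or shortened, since the [wheezy] <no-dsa> line already carries the reason "Not critical enough".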