[Git][security-tracker-team/security-tracker][master] Mark CVE-2018-19969 as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Sat Dec 14 20:26:56 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f1c664b1 by Salvatore Bonaccorso at 2019-12-14T20:26:14Z
Mark CVE-2018-19969 as no-dsa
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -58440,6 +58440,7 @@ CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in th
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
- phpmyadmin 4:4.9.1+dfsg1-2
+ [stretch] - phpmyadmin <ignored> (Minor issue and too intrusive to backport)
[jessie] - phpmyadmin <ignored> (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/
NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1c664b1d0d42ab883489384b67572bece29eb09
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f1c664b1d0d42ab883489384b67572bece29eb09
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191214/2caf1215/attachment.html>
More information about the debian-security-tracker-commits
mailing list