[Git][security-tracker-team/security-tracker][master] 2 commits: Remove no-dsa tags for phpmyadmin,Jessie because of upcoming DLA
Markus Koschany
apo at debian.org
Sun Jun 16 16:40:54 BST 2019
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97bcc3e4 by Markus Koschany at 2019-06-16T15:38:24Z
Remove no-dsa tags for phpmyadmin,Jessie because of upcoming DLA
- - - - -
15321c1d by Markus Koschany at 2019-06-16T15:40:44Z
Reserve DLA-1821-1 for phpmyadmin
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -139143,12 +139143,10 @@ CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) show
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass AllowR ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the allow ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request paramete ...)
- phpmyadmin 4:4.6.5.1-1 (unimportant)
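Review bot: The entries for CVE-2016-9849 and CVE-2016-9850 in this hunk still carry only {DLA-757-1} after the [jessie] <no-dsa> lines are removed, while the data/DLA/list change in the same push assigns both ids to DLA-1821-1. If the cross-reference lines are not regenerated automatically after the push, update them to {DLA-1821-1 DLA-757-1} so the CVE entry and the DLA entry agree.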
@@ -139189,7 +139187,6 @@ CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user ca
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ma ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
- phpmyadmin 4:4.6.5.1-1
@@ -139204,7 +139201,6 @@ CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ta ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized stri ...)
{DLA-1415-1 DLA-757-1}
@@ -148431,38 +148427,31 @@ CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used to
NOTE: dbase extension not available in Debian
CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain conditions, ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a remote cod ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can trigg ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the $cfg['ArbitrarySer ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to trig ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can determine the p ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a us ...)
{DLA-757-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine wheth ...)
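Review bot: CVE-2016-6632, CVE-2016-6629, CVE-2016-6628 and CVE-2016-6627 in this hunk have no {DLA-...} line, so once their [jessie] <no-dsa> line is dropped nothing in the entry ties jessie to a fix; the only remaining version is the unstable one, 4:4.6.4+dfsg1-1. The tag removal (97bcc3e4) and the DLA reservation (15321c1d) are separate commits, which leaves that intermediate state in the history. Consider making both changes in a single commit so each revision of data/CVE/list is consistent with data/DLA/list.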
@@ -148477,7 +148466,6 @@ CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine
CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper enforcement o ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cause a ...)
{DLA-626-1}
@@ -148528,17 +148516,14 @@ CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username r
CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a sy ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the LOAD LOC ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted database an ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin wher ...)
- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
@@ -148556,12 +148541,10 @@ CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the databa
CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom search (sp ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The decryp ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
NOT-FOR-US: Impala
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Jun 2019] DLA-1821-1 phpmyadmin - security update
+ {CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
+ [jessie] - phpmyadmin 4:4.2.12-2+deb8u6
[16 Jun 2019] DLA-1820-1 thunderbird - security update
{CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706}
[jessie] - thunderbird 1:60.7.1-1~deb8u1
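Review bot: CVE-2019-12616 on the second added line is the only one of the 18 ids in the DLA-1821-1 set without a matching data/CVE/list hunk in this push; the other 17 are exactly the entries whose [jessie] <no-dsa> line is removed. Confirm that its CVE entry carries no jessie-specific tag that contradicts a fix in 4:4.2.12-2+deb8u6.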
=====================================
data/dla-needed.txt
=====================================
@@ -98,8 +98,6 @@ mupdf (Mike Gabriel)
--
php-horde-form (Markus Koschany)
--
-phpmyadmin (Markus Koschany)
---
polarssl
NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/98ea35243ca2547bfb5ee168bc720cb36a1a5487...15321c1df6ef6276b18420099d1216e886a1b073