[Git][security-tracker-team/security-tracker][master] Mark CVE-2016-6629,phpmyadmin as postponed

Markus Koschany apo at debian.org
Mon Jun 17 20:12:34 BST 2019



Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d00cdb79 by Markus Koschany at 2019-06-17T19:10:26Z
Mark CVE-2016-6629,phpmyadmin as postponed

The $cfg['ArbitraryServerRegexp'] configuration directive is not present but it
is not clear if the new cookie encryption code is still needed. Mark as
postponed because this issue needs further investigation.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -148472,8 +148472,8 @@ CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
 CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the $cfg['ArbitrarySer ...)
-	{DLA-1821-1}
 	- phpmyadmin 4:4.6.4+dfsg1-1
+	[jessie] - phpmyadmin <postponed> (probably not affected, needs more investigation)
 	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
 CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to trig ...)
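
Review bot: the added [jessie] line pairs the <postponed> state with the reason "probably not affected, needs more investigation", which does not say what is still open. The commit message does: $cfg['ArbitraryServerRegexp'] is not present, but it is unclear whether the new cookie encryption code is still needed. Suggest recording that question in a NOTE: line under CVE-2016-6629, next to the PMASA-2016-52 link, so the next person triaging jessie can resume from the tracker entry without reading the commit log.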


=====================================
data/DLA/list
=====================================
@@ -8,7 +8,7 @@
 	{CVE-2019-9858}
 	[jessie] - php-horde-form 2.0.8-2+deb8u1
 [16 Jun 2019] DLA-1821-1 phpmyadmin - security update
-	{CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
+	{CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
 	[jessie] - phpmyadmin 4:4.2.12-2+deb8u6
 [16 Jun 2019] DLA-1820-1 thunderbird - security update
 	{CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706}
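
Review bot: in the DLA-1821-1 entry, the replaced CVE set differs from the old one only by dropping CVE-2016-6629, while the date (16 Jun 2019) and the fixed version 4:4.2.12-2+deb8u6 stay the same. That matches the removal of {DLA-1821-1} in data/CVE/list, but the commit message does not say whether the advisory text for DLA-1821-1 named CVE-2016-6629. Suggest stating that in the commit message, and noting whether a correction to the advisory is planned if it did.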



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d00cdb79c9f7c71f2f9a77dc59c3786d7c865ada
