[Git][security-tracker-team/security-tracker][master] CVE-2018-19969/phpmyadmin: jessie ignored

Sylvain Beucler beuc at debian.org
Mon May 13 19:22:32 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14171698 by Sylvain Beucler at 2019-05-13T18:21:40Z
CVE-2018-19969/phpmyadmin: jessie ignored

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -26265,6 +26265,7 @@ CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in th
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
 CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
 	- phpmyadmin <unfixed>
+	[jessie] - phpmyadmin <ignored> (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/
 	NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in
 	NOTE: earlier versions as well. At least parts of the listed commits are needed.


=====================================
data/dla-needed.txt
=====================================
@@ -83,8 +83,6 @@ openjdk-7
 php5 (Thorsten Alteholz)
   NOTE: 20190512: test package
 --
-phpmyadmin (Sylvain Beucler)
---
 polarssl
   NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to move to latest version, etc. (!). (lamby)
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14171698e75a598f4827ca097ea8f0e1f327ca4c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/14171698e75a598f4827ca097ea8f0e1f327ca4c
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190513/f2b361aa/attachment.html>

More information about the debian-security-tracker-commits mailing list