[Git][security-tracker-team/security-tracker][master] Track phpmyadmin as proposed via stretch-pu

Salvatore Bonaccorso carnil at debian.org
Wed Nov 6 13:42:42 GMT 2019 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
55503a74 by Salvatore Bonaccorso at 2019-11-06T13:42:13Z
Track phpmyadmin as proposed via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21325,6 +21325,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CM
 CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
 	{DLA-1821-1}
 	- phpmyadmin <unfixed> (bug #930017)
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
 CVE-2019-12613
@@ -23494,6 +23495,7 @@ CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the pr
 	NOT-FOR-US: TeamViewer
 CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability  ...)
 	- phpmyadmin <unfixed> (bug #930048)
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
@@ -37941,11 +37943,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the
 CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
 	{DLA-1692-1}
 	- phpmyadmin <unfixed> (bug #920823)
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
 CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...)
 	- phpmyadmin <unfixed> (bug #920822)
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	[jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later >= 4.5.0)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
@@ -51448,6 +51452,7 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
 CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
 	{DLA-1658-1}
 	- phpmyadmin <unfixed>
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
 CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
@@ -51459,6 +51464,7 @@ CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected
 CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...)
 	{DLA-1658-1}
 	- phpmyadmin <unfixed>
+	[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
 CVE-2018-19959


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -64,3 +64,17 @@ CVE-2016-9112
 	[stretch] - openjpeg2 2.1.2-1.1+deb9u4
 CVE-2019-14806
 	[stretch] - python-werkzeug 0.11.15+dfsg1-1+deb9u1
+CVE-2018-7260
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2018-19968
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2018-19970
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-6799
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-6798
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-11768
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-12616
+	[stretch] - phpmyadmin 4:4.6.6-4+deb9u1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191106/03f3a3e4/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list