[Git][security-tracker-team/security-tracker][master] Track fixed versions for phpmyadmin via unstable
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 10 19:36:47 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
853565d1 by Salvatore Bonaccorso at 2019-11-10T19:36:01Z
Track fixed versions for phpmyadmin via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -21536,7 +21536,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is access escalation for CM
NOT-FOR-US: SilverStripe
CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability wa ...)
{DLA-1821-1}
- - phpmyadmin <unfixed> (bug #930017)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #930017)
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
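Review bot: On the CVE-2019-12616 line, the recorded version 4:4.9.1+dfsg1-2 is later than the upstream fix, which the description places in 4.9.0. A short NOTE saying that this is the first upload to unstable carrying the fix would make the entry self-explanatory. Please also confirm that bug #930017 is closed with the same version, so the tracker and the bug report agree.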
@@ -23714,7 +23714,7 @@ CVE-2019-11770 (In Eclipse Buildship versions prior to 3.1.1, the build files in
CVE-2019-11769 (An issue was discovered in TeamViewer 14.2.2558. Updating the product ...)
NOT-FOR-US: TeamViewer
CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability ...)
- - phpmyadmin <unfixed> (bug #930048)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #930048)
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
@@ -38181,13 +38181,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a vulnerability exists in the
NOT-FOR-US: TitanHQ SpamTitan
CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...)
{DLA-1692-1}
- - phpmyadmin <unfixed> (bug #920823)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #920823)
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability wa ...)
- - phpmyadmin <unfixed> (bug #920822)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #920822)
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
[jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later >= 4.5.0)
NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
@@ -51745,19 +51745,19 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. ...)
NOT-FOR-US: JFrog Artifactory Pro
CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navi ...)
{DLA-1658-1}
- - phpmyadmin <unfixed>
+ - phpmyadmin 4:4.9.1+dfsg1-2
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a s ...)
- - phpmyadmin <unfixed>
+ - phpmyadmin 4:4.9.1+dfsg1-2
[jessie] - phpmyadmin <ignored> (invasive with 49 patches to backport, only mitigate with _REQUEST->_POST instead of adding CSRF tokens)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-7/
NOTE: Upstream explicitly fixed only the 4.7/4.8 branch but the problem exists in
NOTE: earlier versions as well. At least parts of the listed commits are needed.
CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents o ...)
{DLA-1658-1}
- - phpmyadmin <unfixed>
+ - phpmyadmin 4:4.9.1+dfsg1-2
[stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
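Review bot: CVE-2018-19969 has no [stretch] annotation in this hunk, unlike CVE-2018-19970 and CVE-2018-19968 around it, which both carry "[stretch] - phpmyadmin <no-dsa>". Its NOTE lines say the problem exists in versions earlier than the 4.7/4.8 branch, so with unstable now marked fixed in 4:4.9.1+dfsg1-2, stretch stays open without any triage decision. Consider adding an explicit [stretch] line (for example <no-dsa> or <ignored> with a reason, as done for jessie) in the same change.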
@@ -75044,7 +75044,7 @@ CVE-2018-12583 (An issue was discovered in AKCMS 6.1. CSRF can delete an article
CVE-2018-12582 (An issue was discovered in AKCMS 6.1. CSRF can add an admin account vi ...)
NOT-FOR-US: AKCMS
CVE-2018-12581 (An issue was discovered in js/designer/move.js in phpMyAdmin before 4. ...)
- - phpmyadmin <unfixed> (low)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (low)
[stretch] - phpmyadmin <not-affected> (Vulnerable code not present)
[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2018-3/
@@ -81934,7 +81934,7 @@ CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access (P
CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is pos ...)
NOT-FOR-US: Mautic
CVE-2018-10188 (phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to exec ...)
- - phpmyadmin <unfixed> (bug #896490)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #896490)
[stretch] - phpmyadmin <not-affected> (Only affects 4.8.x)
[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
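Review bot: On the CVE-2018-10188 line, the description limits the issue to 4.8.0 before 4.8.0-1 and the [stretch] annotation says "Only affects 4.8.x", but recording 4:4.9.1+dfsg1-2 as the fixed version marks every earlier unstable upload as vulnerable. If unstable never carried an affected 4.8.0 upload, <not-affected> with a short reason would describe the history more accurately. Otherwise a NOTE naming the affected range would explain why 4:4.9.1+dfsg1-2 is the first fixed version.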
@@ -89916,7 +89916,7 @@ CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.c
CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS 1.1.4 ...)
NOT-FOR-US: Radiant CMS
CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...)
- - phpmyadmin <unfixed> (bug #893539)
+ - phpmyadmin 4:4.9.1+dfsg1-2 (bug #893539)
[stretch] - phpmyadmin <no-dsa> (Minor issue)
[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/853565d142a943de5763210224346bcc67b3335d