[Git][security-tracker-team/security-tracker][master] 2 commits: Adjust tracking for CVE-2022-23808

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Jan 31 05:23:03 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0f022e1 by Salvatore Bonaccorso at 2022-01-31T06:20:08+01:00
Adjust tracking for CVE-2022-23808

Rationale: CVE-2022-23808 is about the setup for pypmyadmin, not
available in Debian according to the reference, but the code affected.
Thus demote the severity to unimportant and mark it as fixed once 5.1.2
lands.

- - - - -
33591c4c by Salvatore Bonaccorso at 2022-01-31T06:21:58+01:00
Adjust tracking for CVE-2022-23807

Rationale: The 2FA support is not packages according to the research and
references, but the affected source code is. Demote the severity to
unimprtant and mark it as fixed once 5.1.2 lands in unstable.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1500,18 +1500,17 @@ CVE-2021-4208
 CVE-2022-23809
 	RESERVED
 CVE-2022-23808 (An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker ca ...)
-	- phpmyadmin <not-affected> (2FA is not packaged yet and the setup is not available to be used)
+	- phpmyadmin <unfixed> (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2022-2/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
 	NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
-	NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
 CVE-2022-23807 (An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before  ...)
-	- phpmyadmin <not-affected> (2FA is not packaged yet and the setup is not available to be used)
+	- phpmyadmin <unfixed> (unimportant)
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2022-1/
 	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32
-	NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
 	NOTE: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/3 (missing 2FA packages)
+	NOTE: 2FA support is not packaged in Debian
 CVE-2022-23806
 	RESERVED
 CVE-2022-23805



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34982fa7b201b730fa6c8cff987430f27a1bf11b...33591c4ccae719c469d82dbf97e5263e0ab02f21

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/34982fa7b201b730fa6c8cff987430f27a1bf11b...33591c4ccae719c469d82dbf97e5263e0ab02f21
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220131/376fa3eb/attachment.htm>

More information about the debian-security-tracker-commits mailing list