[Git][security-tracker-team/security-tracker][master] Reserve DLA-4121-1 for phpmyadmin
Adrian Bunk (@bunk)
bunk at debian.org
Tue Apr 8 16:05:38 BST 2025
Adrian Bunk pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a72c18bf by Adrian Bunk at 2025-04-08T18:05:24+03:00
Reserve DLA-4121-1 for phpmyadmin
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -24906,13 +24906,11 @@ CVE-2024-53299 (The request handling in the core in Apache Wicket 7.0.0 on any p
CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
[bookworm] - phpmyadmin <no-dsa> (Minor issue)
- [bullseye] - phpmyadmin <ignored> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
[bookworm] - phpmyadmin <no-dsa> (Minor issue)
- [bullseye] - phpmyadmin <ignored> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy Proxy as a ...)
@@ -186040,7 +186038,6 @@ CVE-2023-0806
RESERVED
CVE-2023-25727 (In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated use ...)
- phpmyadmin 4:5.2.1+dfsg-1
- [bullseye] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2023-1/
CVE-2023-25726
RESERVED
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Apr 2025] DLA-4121-1 phpmyadmin - security update
+ {CVE-2023-25727 CVE-2025-24529 CVE-2025-24530}
+ [bullseye] - phpmyadmin 4:5.0.4+dfsg2-2+deb11u2
[08 Apr 2025] DLA-4120-1 libnet-easytcp-perl - security update
{CVE-2024-56830}
[bullseye] - libnet-easytcp-perl 0.26-6+deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -199,11 +199,6 @@ php-twig (Markus Koschany)
NOTE: 20250209: Added by Front-Desk (apo)
NOTE: 20250209: Vulnerable code is in src/Node/Expression/NullCoalesceExpression.php (apo)
--
-phpmyadmin (Adrian Bunk)
- NOTE: 20250209: Added by Front-Desk (apo)
- NOTE: 20250219: Packaged prepared on salsa. (lamby)
- NOTE: 20250306: Checking some postponed issues. (lamby)
---
qemu (santiago)
NOTE: 20240815: Added by Front-Desk (Beuc)
NOTE: 20240815: Follow fixes from bookworm 12.4 (CVE-2023-5088)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a72c18bf0829476329442b1057bf3a0c370f1c3d
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a72c18bf0829476329442b1057bf3a0c370f1c3d
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250408/be95ae32/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list