[Git][security-tracker-team/security-tracker][master] Add tracking for PMASA-2025-[12] for phpmyadmin

Wed Jan 22 05:43:18 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1d16157a by Salvatore Bonaccorso at 2025-01-22T06:42:06+01:00
Add tracking for PMASA-2025-[12] for phpmyadmin

Deliberately not addin as well for PMASA-2025-3 which the unterlying
issue is in glibc (but can be revisited).

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,11 @@
+CVE-2025-XXXX [PMASA-2025-2: XSS on Insert page]
+	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
+	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
+CVE-2025-XXXX [PMASA-2025-1: XSS when checking tables]
+	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
+	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
 CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d16157a3f658c15c86310736759474b521da09d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1d16157a3f658c15c86310736759474b521da09d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250122/bf7a08f3/attachment.htm>
