[Git][security-tracker-team/security-tracker][master] phpmyadmin CVEfied

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e1badc6e by Moritz Muehlenhoff at 2025-01-23T09:15:46+01:00
phpmyadmin CVEfied

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,11 @@
 CVE-2025-24530 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
-	TODO: check
+	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
+	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
 CVE-2025-24529 (An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnera ...)
-	TODO: check
+	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
+	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
+	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
 CVE-2025-24030 (Envoy Gateway is an open source project for managing Envoy Proxy as a  ...)
 	TODO: check
 CVE-2024-57724 (lunasvg v3.0.0 was discovered to contain a segmentation violation via  ...)
@@ -733,14 +737,6 @@ CVE-2025-0411 [7-Zip Mark-of-the-Web Bypass Vulnerability]
 	NOTE: Since p7zip/16.02+transitional.1 src:p7zip is only a empty source package
 	NOTE: depending on 7zip. Mark this version as fixed version.
 	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-25-045/
-CVE-2025-XXXX [PMASA-2025-2: XSS on Insert page]
-	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
-	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-2/
-	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d (RELEASE_5_2_2)
-CVE-2025-XXXX [PMASA-2025-1: XSS when checking tables]
-	- phpmyadmin 4:5.2.2-really5.2.2+20250121+dfsg-1
-	NOTE: https://www.phpmyadmin.net/security/PMASA-2025-1/
-	NOTE: Fixed by: https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7 (RELEASE_5_2_2)
 CVE-2025-23085 [GOAWAY HTTP/2 frames cause memory leak outside heap]
 	- nodejs <unfixed>
 	NOTE: https://nodejs.org/en/blog/vulnerability/january-2025-security-releases#goaway-http2-frames-cause-memory-leak-outside-heap-cve-2025-23085---medium



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1badc6e12ad30b48b89f2d368dff6f4d274beaf

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e1badc6e12ad30b48b89f2d368dff6f4d274beaf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250123/28d7dd14/attachment-0001.htm>