Hi all,
I''ve been preparing updates for the open phpMyAdmin issues. This got
delayed
because I had to contact upstream because I believe one of the issues is not
adequately fixed by their patch. I neglected to follow up on this promptly,
sorry, but it now seems that we''ll hear more about this soon. So,
I''m working
on it with them.
Meanwhile, I can report that the following issues only affect etch, and not
sarge. A patch is attached. They can already be marked as not relevant to
oldstable:
CVE-2007-0341
CVE-2007-1325
CVE-2007-1395
I''ve also removed the no-dsa from 1325, since discussion with Moritz a
while
ago yielded that this would be desirable to fix within pma - and we''re
going
to put out a DSA for the other issues anyway.
If you wish, you can also add me to the Alioth project
(''thijs'') since I''m
interested to continue to help out with other issues.
thanks,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pma_cve.patch
Type: text/x-diff
Size: 1544 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070815/866a3d5a/attachment.patch
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: not available
Url :
http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070815/866a3d5a/attachment.pgp