thijs at alioth.debian.org
2007-Aug-23 12:04 UTC
[Secure-testing-commits] r6378 - data/CVE
Author: thijs Date: 2007-08-23 12:04:14 +0000 (Thu, 23 Aug 2007) New Revision: 6378 Modified: data/CVE/list Log: phpmyadmin CVE-2007-4306: sarge not vulnerable etch and up: ''vulnerable'', but you need to have a session token. will verify with upstream Modified: data/CVE/list ==================================================================--- data/CVE/list 2007-08-22 21:14:08 UTC (rev 6377) +++ data/CVE/list 2007-08-23 12:04:14 UTC (rev 6378) @@ -348,6 +348,9 @@ NOT-FOR-US: Storesprite CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...) - phpmyadmin <unfixed> + [sarge] - phpmyadmin <not-affected> + NOTE: It seems that this requires knowledge of a unguessable session token. + NOTE: I''m contacting upstream to verify this, but it seems a non issue. CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...) NOT-FOR-US: NetBSD and OpenBSD CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
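Review bot: The two added NOTE lines under CVE-2007-4306 do not say which releases they describe, and the new "[sarge] - phpmyadmin <not-affected>" line carries no reason of its own. The log message separates the two cases (sarge not vulnerable; etch and up affected only with a session token), but in the list the NOTEs follow the sarge line directly and can be read as the justification for sarge. Suggest giving the reason for sarge in its own NOTE and wording the token NOTE so that it names etch and later. The package line stays "<unfixed>" while the second NOTE calls it "a non issue" pending upstream, so the entry should be revisited once upstream answers, and the NOTE should say that the assessment is unconfirmed. Minor: "a unguessable" should read "an unguessable".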