thijs at alioth.debian.org
2008-Mar-01 17:40 UTC
[Secure-testing-commits] r8253 - data/CVE
Author: thijs Date: 2008-03-01 17:40:25 +0000 (Sat, 01 Mar 2008) New Revision: 8253 Modified: data/CVE/list Log: phpMyAdmin PMASA-2008-1, sid already fixed, minor issue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-01 10:53:51 UTC (rev 8252) +++ data/CVE/list 2008-03-01 17:40:25 UTC (rev 8253) @@ -1,3 +1,10 @@ +CVE-2008-XXXX [phpMyAdmin SQL injection through cookie] + - phpmyadmin 2.11.5-1 (low) + [etch] - phpmyadmin <no-dsa> (Minor issue) + [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means + NOTE: you must be able to create pages in the same cookie domain, which seems + NOTE: rare and unwise. low priority. CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...) NOT-FOR-US: SurgeMail CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)