Author: nion Date: 2008-03-12 22:50:13 +0000 (Wed, 12 Mar 2008) New Revision: 8323 Modified: data/CVE/list Log: phpmyadmin cveified Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-12 22:16:05 UTC (rev 8322) +++ data/CVE/list 2008-03-12 22:50:13 UTC (rev 8323) @@ -277,6 +277,11 @@ RESERVED CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...) - phpmyadmin 4:2.11.5-1 (low) + [etch] - phpmyadmin <no-dsa> (Minor issue) + [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) + NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means + NOTE: you must be able to create pages in the same cookie domain, which seems + NOTE: rare and unwise. low priority. CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses ...) TODO: check CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses ...) @@ -516,13 +521,6 @@ CVE-2008-1142 [insecure default behaviour in rxvt for handling DISPLAY variable] RESERVED - rxvt <unfixed> (unimportant; bug #469296) -CVE-2008-XXXX [phpMyAdmin SQL injection through cookie] - - phpmyadmin 2.11.5-1 (low) - [etch] - phpmyadmin <no-dsa> (Minor issue) - [sarge] - phpmyadmin <not-affected> (Vulnerable code not present) - NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means - NOTE: you must be able to create pages in the same cookie domain, which seems - NOTE: rare and unwise. low priority. CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...) NOT-FOR-US: SurgeMail CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)
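Review bot: In the first hunk (@@ -277,6 +277,11 @@, under CVE-2008-1149), the three added NOTE lines end with "low priority.", which repeats the (low) urgency already on the "- phpmyadmin 4:2.11.5-1 (low)" line. The added "[etch] - phpmyadmin <no-dsa> (Minor issue)" line also gives no reason of its own. I would drop the trailing "low priority." and instead have the NOTE say that the cookie-domain precondition is why etch is marked no-dsa, so the triage rationale sits next to the tag it justifies.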
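Review bot: In the second hunk (@@ -516,13 +521,6 @@), the removed temporary entry gave the fixed version as "- phpmyadmin 2.11.5-1 (low)" with no epoch, while the surviving CVE-2008-1149 entry in the first hunk has "4:2.11.5-1". The merge silently keeps the epoch form, so please confirm that this is the version string intended for the tracker. The log message "phpmyadmin cveified" would also be easier to search if it named CVE-2008-1149 and said that the CVE-2008-XXXX placeholder was folded into it.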