thijs at alioth.debian.org
2008-Mar-29 15:42 UTC
[Secure-testing-commits] r8441 - data/CVE
Author: thijs Date: 2008-03-29 15:42:11 +0000 (Sat, 29 Mar 2008) New Revision: 8441 Modified: data/CVE/list Log: phpMyAdmin nonissue Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-03-29 14:18:32 UTC (rev 8440) +++ data/CVE/list 2008-03-29 15:42:11 UTC (rev 8441) @@ -1,3 +1,10 @@ +CVE-2008-XXXX [phpMyAdmin sensitive data in session PMASA-2008-2] + - phpmyadmin 2.11.5.1 (unimportant) + NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2 + NOTE: I can see no way to actively exploit this unless the host is very + NOTE: insecure anyway (not a Debian supported configuration), plus on a + NOTE: shared host of that setup you can read the same data from the config + NOTE: if you''d like. Flagging as non-issue. CVE-2008-1530 [gnupg key import memory corruption] - gnupg <not-affected> (Only 1.4.8 is affected) TODO: Verify that the next maintainer upload uses 1.4.9 directly