thijs at alioth.debian.org
2008-Jul-16 19:26 UTC
[Secure-testing-commits] r9356 - data/CVE
Author: thijs Date: 2008-07-16 19:26:11 +0000 (Wed, 16 Jul 2008) New Revision: 9356 Modified: data/CVE/list Log: pma issue mostly allows to annoy a user Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-07-16 19:18:50 UTC (rev 9355) +++ data/CVE/list 2008-07-16 19:26:11 UTC (rev 9356) @@ -3,7 +3,10 @@ NOTE: this code was never present in a released wordpress version NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5 CVE-2008-3197 [phpmyadmin CSRF PMASA-2008-5] - - phpmyadmin 4:2.11.7.1-1 + - phpmyadmin 4:2.11.7.1-1 (low) + [etch] - phpmyadmin <no-dsa> (low impact issue) + NOTE: this only allows via csrf to create an empty database. + NOTE: this would take a lot of work to get it only to the ''annoying'' level, let alone a DoS CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...) NOT-FOR-US: Chipmunk Blog CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate ...)