thijs at alioth.debian.org
2008-Sep-20 12:53 UTC
[Secure-testing-commits] r9851 - data/CVE
Author: thijs Date: 2008-09-20 12:53:07 +0000 (Sat, 20 Sep 2008) New Revision: 9851 Modified: data/CVE/list Log: phpmyadmin fixed in sid, will roll less important issues into DSA, similar for django Modified: data/CVE/list ==================================================================--- data/CVE/list 2008-09-20 09:14:14 UTC (rev 9850) +++ data/CVE/list 2008-09-20 12:53:07 UTC (rev 9851) @@ -200,7 +200,7 @@ - python-dns 2.3.1-5 (low; bug #490217) CVE-2008-4096 [phpmyadmin code execution PMASA-2008-7] RESERVED - - phpmyadmin <unfixed> (medium) + - phpmyadmin 4:2.11.8.1-2 (medium) CVE-2008-XXXX [unsafe use of tempfile in ssmclient] - smsclient <unfixed> (unimportant; bug #498901) NOTE: script is not in use and only a suggestion for users @@ -1646,7 +1646,6 @@ NOTE: CORE-2008-0716 CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...) - phpmyadmin 4:2.11.8~rc1-1 (low) - [etch] - phpmyadmin <no-dsa> (Minor issue) NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn''t warrant DSA on its own CVE-2008-3547 [openttd remote buffer overflow] RESERVED @@ -2168,7 +2167,6 @@ - phpbb2 <not-affected> (Vulnerable code not present) CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...) - phpmyadmin 4:2.11.7.1-1 (low) - [etch] - phpmyadmin <no-dsa> (low impact issue) NOTE: this only allows via csrf to create an empty database. NOTE: this would take a lot of work to get it only to the ''annoying'' level, let alone a DoS CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...) 
@@ -12196,7 +12194,6 @@ NOT-FOR-US: Half-Life Server CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...) - python-django 0.96-1.1 (low; bug #448838) - [etch] - python-django <no-dsa> (Minor issue) CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...) NOT-FOR-US: Conflict CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
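Review bot: In the `@@ -200,7 +200,7 @@` hunk, the CVE-2008-4096 entry now records only the sid version `4:2.11.8.1-2` and says nothing about etch, although the commit log states that a DSA is planned. A NOTE line under the entry saying so would keep that intent in the data file rather than only in the log. Separately, the unchanged context line right after it describes the issue as being in `ssmclient` while the package line reads `smsclient`; one of the two spellings looks like a typo and could be fixed in the same commit.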
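Review bot: In the `@@ -2168,7 +2167,6 @@` hunk, removing `[etch] - phpmyadmin <no-dsa> (low impact issue)` from CVE-2008-3197 leaves the two NOTE lines that were its justification ("this only allows via csrf to create an empty database", "let alone a DoS"), so the entry now argues that the issue is negligible without stating any etch decision. Either add a NOTE that the fix will be rolled into the DSA mentioned in the log, or reword the existing notes so they read as a severity assessment and not as a reason to skip the fix. The CVE-2008-3456 hunk does not have this problem, since its remaining NOTE already says "may fix combined with another issue".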
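Review bot: In the `@@ -12196,7 +12194,6 @@` hunk, CVE-2007-5712 loses `[etch] - python-django <no-dsa> (Minor issue)` and has no NOTE at all, so the only record of why the etch status changed is the log phrase "similar for django". A NOTE under the entry stating that the issue will be handled in a DSA together with another django fix would make the change understandable from `data/CVE/list` alone, and would tell the next editor not to re-add the `<no-dsa>` line.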