Secure testing commits - Apr 2009 - r11517 - data/CVE

Author: thijs
Date: 2009-04-01 05:13:19 +0000 (Wed, 01 Apr 2009)
New Revision: 11517

Modified:
   data/CVE/list
Log:
phpMyAdmin issues, all fixed in sid/squeeze, one affects lenny/etch


Modified: data/CVE/list
==================================================================---
data/CVE/list	2009-03-31 22:28:27 UTC (rev 11516)
+++ data/CVE/list	2009-04-01 05:13:19 UTC (rev 11517)
@@ -49,12 +49,19 @@
 	NOT-FOR-US: Siemens router
 CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin
2.11.x ...)
 	- phpmyadmin 4:3.1.3.1-1
+	[lenny] - phpmyadmin <unfixed> (unimportant)
+	[etch] - phpmyadmin <unfixed> (unimportant)
+	NOTE: in Debian only accessible for administrator
 CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the
export page ...)
 	- phpmyadmin 4:3.1.3.1-1
 CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the
BLOB ...)
 	- phpmyadmin 4:3.1.3.1-1
+	[etch] - phpmyadmn <not-affected> (Vulnerable code not present)
+	[lenny] - phpmyadmn <not-affected> (Vulnerable code not present)
 CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in
the ...)
 	- phpmyadmin 4:3.1.3.1-1
+	[etch] - phpmyadmn <not-affected> (Vulnerable code not present)
+	[lenny] - phpmyadmn <not-affected> (Vulnerable code not present)
 CVE-2009-1147
 	RESERVED
 CVE-2009-1146