Thijs Kinkhorst
2006-Dec-11 16:59 UTC
[Secure-testing-team] Re: phpMyAdmin security vulnerabilities for sarge
Hi all, I wrote the following a couple of months back... On Thu, 2006-08-03 at 13:22 +0200, Thijs Kinkhorst wrote:> > CVE-2006-1803 Cross-site scripting (XSS) vulnerability in sql.php > in phpMyAdmin ... > > Can not reproduce and [is] suggested to be a false duplicate of > CVE-2006-1804. I''m considering this one to be not vulnerable in sarge.This is still marked as ''vulnerable'' in the security tracker for phpmyadmin. I think that can be updated. I''m working on the other open issues. Thijs -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061211/5ebba676/attachment.pgp
Neil McGovern
2006-Dec-11 23:45 UTC
[Secure-testing-team] Re: phpMyAdmin security vulnerabilities for sarge
On Mon, Dec 11, 2006 at 04:39:09PM +0100, Thijs Kinkhorst wrote:> Hi all, > > I wrote the following a couple of months back... > > On Thu, 2006-08-03 at 13:22 +0200, Thijs Kinkhorst wrote: > > > CVE-2006-1803 Cross-site scripting (XSS) vulnerability in sql.php > > in phpMyAdmin ... > > > > Can not reproduce and [is] suggested to be a false duplicate of > > CVE-2006-1804. I''m considering this one to be not vulnerable in sarge. > > This is still marked as ''vulnerable'' in the security tracker for > phpmyadmin. I think that can be updated. > > I''m working on the other open issues. >Updated. Thanks, Neil -- <mooch> If stockhom sees my banana, he will want to eat it -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20061211/5638210c/attachment.pgp