Package: phpmyadmin
Version: 4:2.6.2-3
Severity: important
Tags: security

Hi!

There are a number of outstanding issues which do not appear as fixed in the changelog:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0653
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1392
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0459

These issues _might_ be fixed in 2.6.2, I did not check. Can you please evaluate this?

I see two fixed XSS issues in the changelog, however, there are three recent CANs about it; is one of these issues still unfixed? Maybe you can add their CAN numbers to the changelog in your next upload? That would make it easier to track issues automatically:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0992

Since I did not confirm any vulnerability personally, I leave this to "important". Please upgrade it to grave if there are actually unfixed things.

Thanks,
Martin

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.9
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

-- 
Martin Pitt              http://www.piware.de
Ubuntu Developer   http://www.ubuntulinux.org
Debian Developer        http://www.debian.org

