Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
97bcc3e4 by Markus Koschany at 2019-06-16T15:38:24Z
Remove no-dsa tags for phpmyadmin,Jessie because of upcoming DLA
- - - - -
15321c1d by Markus Koschany at 2019-06-16T15:40:44Z
Reserve DLA-1821-1 for phpmyadmin
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -139143,12 +139143,10 @@ CVE-2016-9848 (An issue was discovered in
phpMyAdmin. phpinfo (phpinfo.php) show
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass
AllowR ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for
the allow ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request
paramete ...)
- phpmyadmin 4:4.6.5.1-1 (unimportant)
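Review bot: The {DLA-757-1} cross-reference lines under CVE-2016-9849 and CVE-2016-9850 are left unchanged, although data/DLA/list in this same push lists both CVEs under DLA-1821-1. Unless these brace lines are regenerated automatically from data/DLA/list, they should be extended to {DLA-1821-1 DLA-757-1}, in the same form as the existing {DLA-1415-1 DLA-757-1} line under CVE-2016-9865. Otherwise, once the two [jessie] <no-dsa> lines are gone, nothing in these entries points at the jessie fix.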
@@ -139189,7 +139187,6 @@ CVE-2016-9860 (An issue was discovered in phpMyAdmin.
An unauthenticated user ca
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in
URL ma ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1 (low)
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login
request it ...)
- phpmyadmin 4:4.6.5.1-1
@@ -139204,7 +139201,6 @@ CVE-2016-9863 (An issue was discovered in phpMyAdmin.
With a very large request
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username
or a ta ...)
{DLA-757-1}
- phpmyadmin 4:4.6.5.1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in
serialized stri ...)
{DLA-1415-1 DLA-757-1}
@@ -148431,38 +148427,31 @@ CVE-2016-6633 (An issue was discovered in
phpMyAdmin. phpMyAdmin can be used to
NOTE: dbase extension not available in Debian
CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain
conditions, ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a
remote cod ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user
can trigg ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the
$cfg['ArbitrarySer ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able
to trig ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can
determine the p ...)
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could
redirect a us ...)
{DLA-757-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can
determine wheth ...)
@@ -148477,7 +148466,6 @@ CVE-2016-6625 (An issue was discovered in phpMyAdmin.
An attacker can determine
CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper
enforcement o ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can
cause a ...)
{DLA-626-1}
@@ -148528,17 +148516,14 @@ CVE-2016-6614 (An issue was discovered in
phpMyAdmin involving the %u username r
CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially
craft a sy ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the
LOAD LOC ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted
database an ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
CVE-2016-6610 (A full path disclosure vulnerability was discovered in
phpMyAdmin wher ...)
- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
@@ -148556,12 +148541,10 @@ CVE-2016-6608 (XSS issues were discovered in
phpMyAdmin. This affects the databa
CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom
search (sp ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The
decryp ...)
{DLA-626-1}
- phpmyadmin 4:4.6.4+dfsg1-1
- [jessie] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote
attackers to ...)
NOT-FOR-US: Impala
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Jun 2019] DLA-1821-1 phpmyadmin - security update
+ {CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613
CVE-2016-6624 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629
CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-9849 CVE-2016-9850
CVE-2016-9861 CVE-2016-9864 CVE-2019-12616}
+ [jessie] - phpmyadmin 4:4.2.12-2+deb8u6
[16 Jun 2019] DLA-1820-1 thunderbird - security update
{CVE-2019-11703 CVE-2019-11704 CVE-2019-11705 CVE-2019-11706}
[jessie] - thunderbird 1:60.7.1-1~deb8u1
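Review bot: CVE-2019-12616 is in the DLA-1821-1 CVE set, but no hunk in data/CVE/list touches its entry. The other 17 CVEs in the set each match a [jessie] <no-dsa> (Minor issue) line in the hunks above. Please confirm that the jessie status of CVE-2019-12616 in data/CVE/list carries no leftover tag that would contradict the fixed version 4:4.2.12-2+deb8u6 recorded here.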
=====================================
data/dla-needed.txt
=====================================
@@ -98,8 +98,6 @@ mupdf (Mike Gabriel)
--
php-horde-form (Markus Koschany)
--
-phpmyadmin (Markus Koschany)
---
polarssl
NOTE: 20181207: Not 100% sure if vulnerable. Upstream would prefer us to
move to latest version, etc. (!). (lamby)
--
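Review bot: The phpmyadmin entry is dropped from dla-needed.txt in a commit whose message only says "Reserve DLA-1821-1", while data/DLA/list already records [jessie] - phpmyadmin 4:4.2.12-2+deb8u6 as the fix. From this point the pending work is tracked only through that DLA entry, so the commit message should state whether the upload of 4:4.2.12-2+deb8u6 has already happened. If it has not, keep the entry here until it does.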
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/98ea35243ca2547bfb5ee168bc720cb36a1a5487...15321c1df6ef6276b18420099d1216e886a1b073