[Git][security-tracker-team/security-tracker][master] Track phpmyadmin as proposed via stretch-pu

Salvatore Bonaccorso Wed, 06 Nov 2019 05:43:34 -0800


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
55503a74 by Salvatore Bonaccorso at 2019-11-06T13:42:13Z
Track phpmyadmin as proposed via stretch-pu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -21325,6 +21325,7 @@ CVE-2019-12617 (In SilverStripe through 4.3.3, there is 
access escalation for CM
 CVE-2019-12616 (An issue was discovered in phpMyAdmin before 4.9.0. A 
vulnerability wa ...)
        {DLA-1821-1}
        - phpmyadmin <unfixed> (bug #930017)
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2019-4/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
 CVE-2019-12613
@@ -23494,6 +23495,7 @@ CVE-2019-11769 (An issue was discovered in TeamViewer 
14.2.2558. Updating the pr
        NOT-FOR-US: TeamViewer
 CVE-2019-11768 (An issue was discovered in phpMyAdmin before 4.9.0.1. A 
vulnerability  ...)
        - phpmyadmin <unfixed> (bug #930048)
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - phpmyadmin <not-affected> (vulnerable code is not present)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2019-3/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
@@ -37941,11 +37943,13 @@ CVE-2019-6800 (In TitanHQ SpamTitan through 7.03, a 
vulnerability exists in the
 CVE-2019-6799 (An issue was discovered in phpMyAdmin before 4.8.5. When the 
AllowArbi ...)
        {DLA-1692-1}
        - phpmyadmin <unfixed> (bug #920823)
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2019-1/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900
 CVE-2019-6798 (An issue was discovered in phpMyAdmin before 4.8.5. A 
vulnerability wa ...)
        - phpmyadmin <unfixed> (bug #920822)
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        [jessie] - phpmyadmin <not-affected> (Vulnerable code introduced later 
>= 4.5.0)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2019-2/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435
@@ -51448,6 +51452,7 @@ CVE-2018-19971 (JFrog Artifactory Pro 6.5.9 has 
Incorrect Access Control. ...)
 CVE-2018-19970 (In phpMyAdmin before 4.8.4, an XSS vulnerability was found in 
the navi ...)
        {DLA-1658-1}
        - phpmyadmin <unfixed>
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2018-8/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e
 CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are 
affected by a s ...)
@@ -51459,6 +51464,7 @@ CVE-2018-19969 (phpMyAdmin 4.7.x and 4.8.x versions 
prior to 4.8.4 are affected
 CVE-2018-19968 (An attacker can exploit phpMyAdmin before 4.8.4 to leak the 
contents o ...)
        {DLA-1658-1}
        - phpmyadmin <unfixed>
+       [stretch] - phpmyadmin <no-dsa> (Minor issue; can be fixed via point 
release)
        NOTE: https://www.phpmyadmin.net/security/PMASA-2018-6/
        NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
 CVE-2018-19959


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -64,3 +64,17 @@ CVE-2016-9112
        [stretch] - openjpeg2 2.1.2-1.1+deb9u4
 CVE-2019-14806
        [stretch] - python-werkzeug 0.11.15+dfsg1-1+deb9u1
+CVE-2018-7260
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2018-19968
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2018-19970
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-6799
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-6798
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-11768
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1
+CVE-2019-12616
+       [stretch] - phpmyadmin 4:4.6.6-4+deb9u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/55503a74774e97e76e3e9ba8c512a6a2cb0b9d11
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track phpmyadmin as proposed via stretch-pu

Reply via email to