William Desportes pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7b2a4408 by William Desportes at 2020-01-08T22:28:34+01:00
Update old CVEs for phpmyadmin

Does not exist in any of the following distributions (jessie, stretch, bullseye, sid)

- CVE-2005-3622
- CVE-2005-4349
- CVE-2006-6373
- CVE-2007-4306

- - - - -
91dd4aa8 by William Desportes at 2020-01-08T22:36:19+01:00
Add DLA-2060-1 for phpmyadmin


- - - - -
cf687e58 by William Desportes at 2020-01-08T22:45:58+01:00
Update CVE-2020-5504/phpmyadmin


- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2228,8 +2228,11 @@ CVE-2020-5506
        RESERVED
 CVE-2020-5505
        RESERVED
-CVE-2020-5504
-       RESERVED
+CVE-2020-5504 (A SQL injection flaw has been discovered in the user accounts 
page. A ma...)
+       - phpmyadmin <unfixed>
+       NOTE: 
https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
+       NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
+       NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/
 CVE-2020-5503
        RESERVED
 CVE-2020-5502
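Review bot: the new `+CVE-2020-5504` record carries only `- phpmyadmin <unfixed>` with no severity tag and no per-release annotation, while the same push adds a jessie fix in data/DLA/list; consider adding a `[stretch]` status line or a NOTE on the pending sid upload so the entry does not read as untriaged. Also, `+       NOTE: ` is followed by the GitHub commit URL on the next line; if that is not just mail wrapping, the URL needs to sit on the same line as `NOTE:`, since the list format is one record per line.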
@@ -359644,8 +359647,7 @@ CVE-2007-4308 (The (1) aac_cfg_open and (2) 
aac_compat_ioctl functions in the SC
 CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in 
Storesprite 7 a ...)
        NOT-FOR-US: Storesprite
 CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in 
phpMyAdmin 2.10 ...)
-       - phpmyadmin <unfixed> (unimportant)
-       [sarge] - phpmyadmin <not-affected>
+       - phpmyadmin <not-affected> (vulnerable code is not present)
        NOTE: It seems that this requires knowledge of a unguessable session 
token.
        NOTE: Confirmed by upstream. Sarge is not affected at all.
 CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) 
Sysjail  ...)
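Review bot: after collapsing both status lines into a single `- phpmyadmin <not-affected> (vulnerable code is not present)`, the two retained NOTE lines read as stale: the first still argues low impact via the session token, which was the rationale for the old `(unimportant)` tag, and the second ("Sarge is not affected at all") now duplicates what the new line says for every release. Consider dropping the sarge note and rewording the first NOTE to record which version removed the code; while here, "a unguessable" should be "an unguessable".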
@@ -371899,7 +371901,7 @@ CVE-2006-6374 (Multiple CRLF injection 
vulnerabilities in PhpMyAdmin 2.7.0-pl2 a
        [etch] - phpmyadmin <not-affected> (not exploitable with Etch's php 
versions)
        NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
 CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain 
sensitive infor ...)
-       - phpmyadmin <unfixed> (unimportant)
+       - phpmyadmin <not-affected> (vulnerable code is not present)
        NOTE: path is known in Debian anyway
 CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in 
pbguestbook.php ...)
        NOT-FOR-US: JAB Guest Book
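Review bot: the NOTE "path is known in Debian anyway" justified the old `(unimportant)` rating and no longer matches the new `<not-affected> (vulnerable code is not present)` line; either drop it or replace it with the version in which the vulnerable code disappeared, so the next reader is not left with two competing rationales.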
@@ -387484,8 +387486,8 @@ CVE-2005-4351 (The securelevels implementation in 
FreeBSD 7.0 and earlier, OpenB
        - linux-2.6 2.6.18-3
 CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before 
A.01.05.12 an ...)
        NOT-FOR-US: WBEM Services
-CVE-2005-4349
-       - phpmyadmin <unfixed> (unimportant)
+CVE-2005-4349 (SQL injection vulnerability in server_privileges.php in 
phpMyAdmin 2.7 ...)
+       - phpmyadmin <not-affected> (vulnerable code is not present)
        NOTE: Only for authenticated used, will possibly be rejected
 CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as 
implemented in  ...)
        NOT-FOR-US: IOS
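Review bot: the retained NOTE "Only for authenticated used, will possibly be rejected" is contradicted by the description added in the same hunk (the CVE evidently has a published description and was not rejected) and has a typo ("used" for "users"); drop the rejection remark and fix the typo, since the `<not-affected>` status is already justified by the parenthetical reason.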
@@ -389440,7 +389442,7 @@ CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 
does not check for MAY_SAT
        [sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
        - linux-2.6 2.6.14-7
 CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to 
obtain t ...)
-       - phpmyadmin <unfixed> (unimportant)
+       - phpmyadmin <not-affected> (vulnerable code is not present)
 CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 
2.0.2 patc ...)
        NOT-FOR-US: VMware ESX
 CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management 
interface f ...)
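Review bot: this entry gets `- phpmyadmin <not-affected> (vulnerable code is not present)` with no NOTE at all; unlike the other phpmyadmin entries touched in this commit, nothing records which phpMyAdmin version dropped the affected code, and the commit message only lists the suites checked. A short NOTE naming the version range that was inspected would make the reassessment verifiable later.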


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Jan 2020] DLA-2060-1 phpmyadmin - security update
+       {CVE-2020-5504}
+       [jessie] - phpmyadmin 4:4.2.12-2+deb8u8
 [06 Jan 2020] DLA-2059-1 git - security update
        {CVE-2019-1348 CVE-2019-1349 CVE-2019-1352 CVE-2019-1353 CVE-2019-1387}
        [jessie] - git 1:2.1.4-2.1+deb8u8
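Review bot: the DLA-2060-1 record is consistent with the neighbouring git entry (date, advisory id, `{CVE-2020-5504}` block and `[jessie]` version line). The one thing to double-check is that `4:4.2.12-2+deb8u8` matches the version actually accepted into jessie-security, because the data/CVE/list side of this push records only `<unfixed>` and the jessie fixed status will be derived from this line alone.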



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/700a69a034da72f65f5f0649f4fbbcae5d064440...cf687e588e33c2eb64fe96684b7f92051188944f

-- 


_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits